php-epub-meta

Potential SSRF vulnerability via coverurl

Open mal-tee opened this issue 1 year ago • 1 comments

Hi, https://github.com/splitbrain/php-epub-meta/blob/4fc37ad6e165e440d62611e211b5c63a9f288de1/index.php#L59-L60

allows an attacker to trigger an HTTP(S) request to an arbitrary target via file_get_contents. This includes things like localhost. This is a vulnerability called Server-Side Request Forgery (SSRF).

SSRF can be used to exploit the local system, gain privileges and much more, depending on the deployment. Check out e.g. OWASP's material on SSRF for more information: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/

mal-tee, Jan 31 '24 15:01

The index.php is a very simple example application using the library. It doesn't have any user authentication and is meant for personal use only. Anyone running this unprotected on the internet has bigger problems than the ability of requesting data from other servers in the same network.

Feel free to submit a pull request that fixes this without crippling the functionality. To me this is low priority at best.

splitbrain, Jan 31 '24 18:01
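
One way to keep the cover download working while refusing internal targets, as an added example that is not code from php-epub-meta or from either commenter. It swaps file_get_contents for the curl extension (assumed to be installed) so the connection can be pinned to the address that was checked; the function names `resolve_public` and `fetch_cover` are hypothetical.

```php
<?php
// Added example; not part of php-epub-meta. Function names are hypothetical.

/** Resolve $host and return its addresses only if every one of them is public. */
function resolve_public(string $host): array
{
    $host = trim($host, '[]');                       // parse_url keeps brackets on IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP)) {
        $ips = [$host];
    } else {
        $ips = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rec) {
            $ips[] = $rec['ip'] ?? $rec['ipv6'];     // A records use 'ip', AAAA use 'ipv6'
        }
    }
    // Reject private (RFC 1918, unique-local) and reserved (loopback, link-local) ranges.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return [];                               // one internal address rejects the host
        }
    }
    return $ips;
}

/** Fetch a cover over HTTP(S) from a public host; returns the body or null. */
function fetch_cover(string $url): ?string
{
    $p = parse_url($url) ?: [];
    $scheme = strtolower($p['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($p['host'])) {
        return null;                                 // refuses file://, php://, ftp:// and the like
    }
    $ips = resolve_public($p['host']);
    if ($ips === []) {
        return null;                                 // unresolvable or internal target
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,             // a redirect could point back inward
        CURLOPT_RESOLVE        => ["{$p['host']}:{$port}:{$ips[0]}"], // pin the checked IP
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    return is_string($body) ? $body : null;
}
```

Pinning the resolved address with `CURLOPT_RESOLVE` closes the gap between the check and the request, where a second DNS lookup could otherwise return a different, internal address.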