Replication process:
Login to the backend and create a new data source
Select dynamic data source and add the ip of dnslog.
After submitting, you can get the id from the queryDatasources route.
Then use queryOptions route to trigger ssrf.
Code Analysis:
Come to src/main/jsrf
src/main/java/io/jpress/module/form/controller/admin/_FormDatasourceController.java file
The queryDatasources route corresponds to the method that can be used to query the ids
If the data is dynamic, the method corresponding to the queryOptions route calls the proxy.start method.
Finally, the doSendRequest method is called to trigger the ssrf.
Download the latest version and start it locally
Replication process: Login to the backend and create a new data source
Select dynamic data source and add the ip of dnslog.
After submitting, you can get the id from the queryDatasources route.
Then use queryOptions route to trigger ssrf.
Code Analysis: Come to src/main/jsrf src/main/java/io/jpress/module/form/controller/admin/_FormDatasourceController.java file The queryDatasources route corresponds to the method that can be used to query the ids
If the data is dynamic, the method corresponding to the queryOptions route calls the proxy.start method.
Finally, the doSendRequest method is called to trigger the ssrf.