Description
Eladmin v2.7 has a server-side request forgery (SSRF) vulnerability in the Server management module.
When adding a server, an attacker can supply an arbitrary IP address and trigger a test connection request for it from the frontend; the server then initiates a connection to that IP address.
This should be controlled where there is a permission-access limit. The PreAuthorize attribute can prevent the attack behavior. Anyway, this is a good catch.
Vulnerable code
eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java
Step 1
Add data to the frontend and initiate a test connection
Step 2
We use Burp to capture the request and change the IP address to a DNSLog domain.
Step 3
Looking at the DNSLog record, we can see that the server initiated a connection test request to that IP.
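The fix suggested above (guarding the endpoint with PreAuthorize), combined with validation of the destination before the server connects, as an added illustration that is not eladmin's own code. The controller name, request path, request body, the 'serverDeploy:add' authority string and the plain TCP reachability check standing in for the project's real test are all assumptions.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class ServerConnectTestController {
    // Hypothetical request body: only what the connection test needs.
    public static class ConnectTestRequest { public String ip; public int port; }
    // 1) Authorization: only a caller holding the assumed 'serverDeploy:add'
    //    permission may make the server open an outbound connection at all.
    @PreAuthorize("hasAuthority('serverDeploy:add')")
    @PostMapping("/api/serverDeploy/testConnect")   // assumed path
    public ResponseEntity<String> testConnect(@RequestBody ConnectTestRequest req) {
        InetAddress target = resolveAllowedTarget(req.ip);
        if (target == null) {
            return ResponseEntity.badRequest().body("target address not allowed");
        }
        // 2) Connect to the address that was validated, not to the name again,
        //    so a changed DNS answer cannot bypass the check.
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(target, req.port), 3000);
            return ResponseEntity.ok("reachable");
        } catch (IOException e) {
            return ResponseEntity.ok("unreachable");
        }
    }
    // Returns an address for host only if every resolved address is public:
    // loopback, RFC 1918, link-local, wildcard and multicast are refused.
    static InetAddress resolveAllowedTarget(String host) {
        try {
            InetAddress[] addrs = InetAddress.getAllByName(host);
            for (InetAddress a : addrs) {
                if (a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                        || a.isAnyLocalAddress() || a.isMulticastAddress()) {
                    return null;
                }
            }
            return addrs[0];
        } catch (UnknownHostException e) {
            return null;
        }
    }
}
```

Java's isSiteLocalAddress() covers neither IPv6 unique local addresses (fc00::/7) nor the shared address space 100.64.0.0/10, so extend the check for those ranges if they are routable from the deployment host.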
Versions
eladmin ≤ v2.7
Reporter
https://github.com/LockeTom