Open mal-tee opened 9 months ago
The index.php is a very simple example application using the library. It doesn't have any user authentication and is meant for personal use only. Anyone running this unprotected on the internet has bigger problems than the ability to request data from other servers in the same network.
Feel free to submit a pull request that fixes this without crippling the functionality. To me this is low priority at best.
Hi,

https://github.com/splitbrain/php-epub-meta/blob/4fc37ad6e165e440d62611e211b5c63a9f288de1/index.php#L59-L60

allows an attacker to trigger an HTTP(S) request to an arbitrary target via `file_get_contents`. This includes things like localhost. This is a vulnerability called Server-Side Request Forgery (SSRF). SSRF can be used to exploit the local system, gain privileges and much more, depending on the deployment. Check out e.g. OWASP's material on SSRF for more information: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
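
One way to constrain a user-supplied URL before it reaches `file_get_contents`, as an added example that is not code from php-epub-meta or its author. The helper names `is_public_ip()`, `validate_remote_url()` and `fetch_remote()`, the timeout and the size cap are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of php-epub-meta.

function is_public_ip(string $ip): bool
{
    // Rejects private (RFC 1918, fc00::/7), loopback, link-local and reserved ranges.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function validate_remote_url(string $url): void
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('absolute URL required');
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('only http(s) is allowed');
    }
    $host = trim($parts['host'], '[]');          // parse_url keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        $ips = gethostbynamel($host) ?: [];      // IPv4 addresses for the name
        foreach (@dns_get_record($host, DNS_AAAA) ?: [] as $rec) {
            $ips[] = $rec['ipv6'];
        }
    }
    // Every address the name maps to must be public, not just the first one.
    if ($ips === [] || count(array_filter($ips, 'is_public_ip')) !== count($ips)) {
        throw new InvalidArgumentException('host is not a public address');
    }
}

function fetch_remote(string $url, int $maxBytes = 5242880): string
{
    validate_remote_url($url);
    // Redirects are not followed: a 3xx could point back at an internal host.
    // file_get_contents() resolves the name again, so DNS rebinding remains
    // possible; pinning the checked IP (e.g. cURL's CURLOPT_RESOLVE) closes that.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    $body = file_get_contents($url, false, $ctx, 0, $maxBytes);
    if ($body === false) {
        throw new RuntimeException('fetch failed');
    }
    return $body;
}

// Constructed inputs; all are rejected before any request is made.
foreach (['http://127.0.0.1/', 'http://[::1]/', 'http://10.0.0.5/', 'ftp://example.org/x'] as $u) {
    try { validate_remote_url($u); echo "allowed  $u\n"; }
    catch (InvalidArgumentException $e) { echo "rejected $u: {$e->getMessage()}\n"; }
}
```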