Key Information Summary 0x01 Vulnerability Overview Vulnerability Type: SSRF (Server-Side Request Forgery) Affected Scope: JeecgBoot v3.4.0 and earlier versions Description: Attackers can exploit this vulnerability to initiate arbitrary HTTP requests from the server side, potentially accessing internal network resources or performing other malicious operations. 0x02 Environment and Setup Test Project: JeecgBoot v3.4.0 Local Environment: Windows 10, Java 8 Related Code: Partial source code snippets provided, showing the exact location and logic where the vulnerability exists. 0x03 Vulnerability Details Critical Code: - The method in the class is vulnerable. - The method of is called without strict validation of input parameters. - The must equal 5 to trigger the vulnerability. Example Code: 0x04 IP Bypass via Redirection Description: By crafting specific URLs, attackers can bypass certain security checks. Example: 0x05 Limitations SSRF response body is returned only to the user Only HTTP responses with Content-Type: application/json will be sent 0x06 Impact Potential Risks: Internal network penetration, data leakage, etc. 0x07 Recommended Remediation Measures Strengthen Input Validation: Strictly validate and filter user-supplied data. Implement Whitelisting: Restrict access to internal services and ports using a whitelist mechanism.