Vulnerability Overview

Vulnerability Name: SSRF Vulnerability Exploited via XXE Injection in MetInfo

Summary:
- SSRF vulnerability is achieved through XML External Entity (XXE) injection, allowing attackers to craft malicious XML entities that cause the server to initiate HTTP requests to arbitrary network addresses.
- Potential impacts include: internal network reconnaissance, port scanning, or sensitive information disclosure.

Affected Products and Versions

Product: MetInfo
Versions:
- All versions below 8.1 are vulnerable

Vulnerability Types

CWE-611: Improper Restriction of XML External Entity References (XXE)
CWE-918: Server-Side Request Forgery (SSRF)

Technical Details and Exploitation Steps

Vulnerable Location:
- Components that process XML data without properly disabling external entity resolution are susceptible.

Exploitable API Path:

PoC Code:
- Set up listener:
- Craft malicious XML payload:
- Receive HTTP/1.0 GET request:
  - Listener output shows connection logs and request details.

Remediation Recommendations

1. Disable External Entities: Ensure external entity resolution is disabled when processing XML data.
2. Use Secure XML Parsers: Avoid using default XML parsers or configurations that allow external entity resolution.
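
One way to apply both recommendations in PHP, the language MetInfo is written in. This is an added example, not code from the advisory or from MetInfo: `parse_untrusted_xml()` is a hypothetical helper and the two sample documents are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not MetInfo code; parse_untrusted_xml() is a hypothetical helper.
function parse_untrusted_xml(string $xml): DOMDocument
{
    // No DTD means no entity definitions to resolve, so reject DOCTYPE outright.
    if ($xml === '' || stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('Empty input or DOCTYPE not allowed');
    }
    // Defence in depth: answer every external entity load request with "nothing".
    // This setting is process-wide for libxml.
    libxml_set_external_entity_loader(static function () {
        return null;
    });
    $previous = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately absent: they enable entity
        // substitution and external DTD loading.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Second check on the parsed tree, in case the textual check missed
        // a DOCTYPE (for example in a non-ASCII-compatible encoding).
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE not allowed');
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'plain'   => '<order><id>42</id></order>',
    'doctype' => '<!DOCTYPE order [<!ENTITY e SYSTEM "http://example.invalid/">]>'
               . '<order><id>&e;</id></order>',
];
foreach ($samples as $name => $xml) {
    try {
        $doc = parse_untrusted_xml($xml);
        echo "$name: accepted, id=", $doc->documentElement->textContent, "\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected (", $e->getMessage(), ")\n";
    }
}
```

The plain document is accepted and the document carrying a DOCTYPE is rejected before the parser runs, so no outbound request is attempted.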