kalcaddle/kodbox

SSRF issue

carsonchan12345 opened this issue · 1 comment

An SSRF issue is found on the ?explorer/upload/serverDownload endpoint, app/controller/explorer/upload.class.php. It allows authenticated users to access and download files from any internal IP address and can potentially enable lateral movement and data exfiltration. You should consider restricting the download to external IP addresses only.

Thanks for the feedback. We have made restrictions in this area before, but there is indeed a need to obtain resources from the intranet. This restriction has been removed in all subsequent versions.
If you have relevant needs, you can make some adjustments.

https://github.com/kalcaddle/kodbox/blob/main/app/function/web.function.php#L628
Add a line such as:

if($info['host'] == 'localhost' || $info['host'] == '127.0.0.1' || strstr($info['host'],'192.168.')) return false;
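The one-line check above only matches "localhost", "127.0.0.1" and hostnames containing "192.168.", so other RFC 1918 ranges, link-local and IPv6 loopback addresses, and hostnames that resolve to internal addresses still pass. The following is an added example written for this thread, not kodbox's own code: a stricter allow-check that parses the URL, resolves the host, and rejects any address that is loopback, private, link-local, CGNAT or otherwise non-public (IPv4 and IPv6). The function names isPublicIp and isSafeDownloadUrl are hypothetical; it assumes PHP 8 and applies the same idea as the maintainer's snippet, extended to the full set of non-public ranges.

```php
<?php
// Added example (not part of kodbox). Hypothetical helpers that could
// replace the single-line host check suggested in the reply above.

/**
 * True when $ip is a publicly routable address; false for loopback,
 * RFC 1918, link-local, CGNAT (100.64.0.0/10), ULA and similar ranges.
 */
function isPublicIp(string $ip): bool {
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16 and fc00::/7.
    // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, :: and fe80::/10.
    if (filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return false;
    }
    $packed = inet_pton($ip);
    if ($packed === false) {
        return false;
    }
    // CGNAT 100.64.0.0/10 is not covered by the filter flags; check it by hand.
    if (strlen($packed) === 4) {
        $second = ord($packed[1]);
        if (ord($packed[0]) === 100 && $second >= 64 && $second <= 127) {
            return false;
        }
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d): judge the embedded IPv4 address.
    if (strlen($packed) === 16
        && substr($packed, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        return isPublicIp(inet_ntop(substr($packed, 12)));
    }
    return true;
}

/**
 * True when $url is acceptable for a server-side fetch: http(s) scheme and a
 * host that is, or resolves only to, public addresses. Fails closed on any
 * parse or resolution error.
 */
function isSafeDownloadUrl(string $url): bool {
    $info = parse_url($url);
    if ($info === false || empty($info['host'])) {
        return false;
    }
    $scheme = strtolower($info['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    // Strip IPv6 brackets and normalise case; reject localhost and *.localhost.
    $host = strtolower(trim($info['host'], '[]'));
    if ($host === 'localhost' || str_ends_with($host, '.localhost')) {
        return false;
    }
    // Literal IP address: check it directly.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return isPublicIp($host);
    }
    // Hostname: every A and AAAA record must be public. Unparseable forms such
    // as "127.1" or decimal addresses end up here and fail closed when they
    // do not resolve.
    $records = @dns_get_record($host, DNS_A | DNS_AAAA);
    if ($records === false) {
        return false;
    }
    $addrs = [];
    foreach ($records as $rec) {
        if (isset($rec['ip']))   { $addrs[] = $rec['ip']; }
        if (isset($rec['ipv6'])) { $addrs[] = $rec['ipv6']; }
    }
    if ($addrs === []) {
        return false;
    }
    foreach ($addrs as $ip) {
        if (!isPublicIp($ip)) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs (not from the page) showing the expected verdicts.
$samples = [
    'http://example.com/file.zip' => 'public hostname, allowed if it resolves publicly',
    'http://127.0.0.1:8080/'      => 'loopback, rejected',
    'http://10.0.0.5/'            => 'RFC 1918, rejected',
    'http://172.16.3.4/'          => 'RFC 1918, rejected',
    'http://169.254.169.254/'     => 'link-local, rejected',
    'http://[::1]/'               => 'IPv6 loopback, rejected',
    'http://[::ffff:192.168.1.1]/' => 'IPv4-mapped private, rejected',
    'file:///etc/passwd'          => 'non-http scheme, rejected',
];
foreach ($samples as $url => $note) {
    printf("%-36s %-5s %s\n", $url, isSafeDownloadUrl($url) ? 'allow' : 'deny', $note);
}
```

Two caveats apply to any check of this kind. The verdict is only as good as the address the downloader finally connects to: if the fetch follows HTTP redirects, each hop needs the same check, and ideally the already-resolved address is pinned for the connection rather than resolving the name a second time. And where intranet fetches are a genuine requirement, as the reply notes, an explicit allow-list of permitted internal hosts layered on top of this deny-by-default check is safer than relaxing the check itself.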