imgproxy-unauth: Imgproxy Unauthorized Access

日期: 2025-08-01 | 影响软件: Imgproxy | POC: 已公开

漏洞描述

imgproxy is a fast and secure standalone server for resizing, processing, and converting images.

PoC代码[已公开]

id: imgproxy-unauth

info:
  name: Imgproxy Unauthorized Access
  author: userdehghani
  severity: low
  description: |
    imgproxy is a fast and secure standalone server for resizing, processing, and converting images.
  remediation: set IMGPROXY_SECRET environment variable.
  reference:
    - https://docs.imgproxy.net/configuration/options
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cpe: cpe:2.3:a:evilmartians:imgproxy:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"imgproxy"
    product: imgproxy
    vendor: evilmartians
  tags: imgproxy,unauth,misconfig
variables:
  img_url: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/375px-Google_2015_logo.svg.png'

http:
  - method: GET
    path:
      - "{{BaseURL}}/_/resize:fill:10:10:0/gravity:sm/plain/{{img_url}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code==200'
          - 'contains(content_type, "image/png")'
          - '("386116288" == mmh3(base64_py(body)))'
        condition: and
# digest: 4a0a00473045022100af65fcb564e9bf04aeb44e0e33a63f073c847c89760161ea2bbb8c1736db14f2022065df1ec961c3c778338c31ece08edd64202c9272d93f35594e3cc2750f8ce0ea:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/misconfiguration/imgproxy-unauth.yaml

相关漏洞推荐