The newbee-mall project is an e-commerce system consisting of the newbee-mall mall system and the newbee-mall-admin backend management system, built on Spring Boot and related technology stacks.
Triggering this SSRF vulnerability requires modifying a product's attribute parameters through the admin backend; once a user views the product with the modified attribute on the frontend, the SSRF is triggered.
The vendor of the vulnerable product is: https://github.com/newbee-ltd/newbee-mall
Vulnerability reproduction and analysis:
Log in to the backend and click Modify or Add Product:
After supplying arbitrary images, click Save and capture the request.
Change the above two parameters in the POST request body to a dnslog address, forward the request, and search for the product name on the mall's frontend.
Click to access it, and a record appears on the DNS platform.
Locate the code block from the interface:
After the parameters are received and checked for null, execution enters the core method updateNewBeeMallGoods. Following it:
Following the interface to its implementation class leads to the code block that updates the product information.
As you can see, only a null check and a sameness check are performed on the incoming parameter values before the set method is called to store them.
Because nothing is filtered at storage time, the goodsCoverImg parameter is read back and placed directly into the frontend during view-layer rendering, so the vulnerability is triggered as soon as a user accesses the product.
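One way to close the gap described above is to validate goodsCoverImg before the set method stores it. This is an added example, not newbee-mall's own code: the class name, the allowed hosts and the `/upload/` prefix are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not part of newbee-mall): checks goodsCoverImg before it is stored. */
public final class CoverImageUrlValidator {
    // Assumption: the only hosts the shop serves product images from (constructed values).
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("mall.example.com", "img.example.com"));
    // Assumption: locally uploaded images are referenced by a path under this prefix.
    private static final String LOCAL_PREFIX = "/upload/";

    public static boolean isAllowed(String value) {
        // Reject empty values, backslashes, whitespace and control characters up front.
        if (value == null || value.isEmpty()
                || value.chars().anyMatch(c -> c == '\\' || c <= 0x20 || c == 0x7f)) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(value).normalize();
        } catch (URISyntaxException e) {
            return false;
        }
        // Opaque URIs (data:, javascript:) and user@host forms are never accepted.
        if (uri.isOpaque() || uri.getRawUserInfo() != null) {
            return false;
        }
        if (!uri.isAbsolute()) {
            // Relative reference: no authority ("//host/x") and a path that stays under the prefix.
            String path = uri.getPath();
            return uri.getRawAuthority() == null && path.startsWith(LOCAL_PREFIX) && !path.contains("..");
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        String host = uri.getHost(); // null when the authority is not a plain host name
        return (scheme.equals("http") || scheme.equals("https"))
                && host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "/upload/cover.jpg", "https://img.example.com/goods/1.png",
            "http://abc123.dnslog.example/x.png", "//abc123.dnslog.example/x.png",
            "/upload/../../admin/x.png", "data:image/png;base64,AAAA" };
        for (String s : samples) System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
    }
}
```

Running `main` allows the first two samples and rejects the other four. The same check can be applied where the value is rendered, so rows stored before the fix are covered as well.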