Honeynet · Glastopf · CVE-2018-10220
Name of the Vulnerable Software and Affected Versions:
Glastopf version 3.1.3-dev
Description:
The issue is a Server-Side Request Forgery (SSRF) in Glastopf, demonstrated through the `a` parameter of `abc.php`. The vendor considers this behavior intentional, since Glastopf is a web application honeypot: it ships emulation modules, including a Remote File Inclusion (RFI) emulator implemented in `rfi.py` under `modules/handlers/emulators`, and an RFI emulator by design retrieves the URL supplied by the client so that the include appears to succeed. The requests the honeypot host issues on the client's behalf are what the SSRF report describes.
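Because the RFI emulation has to fetch a client-supplied URL, the practical hardening question for an operator is which fetch targets the honeypot should refuse. The following is an added example, not code from Glastopf or from this advisory: an egress guard a honeypot operator could place in front of the fetch, rejecting non-HTTP schemes, unusual ports, embedded credentials, and any host that resolves to a non-public address (loopback, RFC 1918, link-local, IPv4-mapped loopback). The resolver is injectable so the check can be exercised offline; the `EXAMPLE_RESOLVER_TABLE` hosts and addresses are constructed sample data, and `classify_include_target` is a hypothetical name.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Policy for what the emulator is permitted to fetch (assumed values, tune per deployment).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443, 8080}


def dns_resolver(host):
    """Default resolver: every A/AAAA answer for the host, as a set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def classify_include_target(url, resolve=dns_resolver):
    """Return (allowed, reason) for a URL taken from an RFI-style parameter.

    Every resolved address must be globally routable; if any record points at a
    private, loopback, link-local or otherwise special range the fetch is refused.
    """
    try:
        parts = urlparse(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable url or port"

    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in url"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"

    # IP literals (including bracketed IPv6) are checked directly; names go through the resolver.
    try:
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolve(host)
        except (socket.gaierror, OSError):
            return False, "unresolvable host"

    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 must be judged as its IPv4 form.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            return False, f"{addr} is not a public address"
    return True, "ok"


# Constructed resolver table standing in for DNS; these names are sample data, not real hosts.
EXAMPLE_RESOLVER_TABLE = {
    "public-host.example": {"8.8.8.8"},              # only a public address
    "internal.example": {"10.0.0.5"},                # RFC 1918 address
    "rebind.example": {"8.8.8.8", "127.0.0.1"},      # mixed answers: one record is loopback
}


def example_resolver(host):
    try:
        return EXAMPLE_RESOLVER_TABLE[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")


def example_verdicts():
    """Run the guard over constructed sample URLs and return {url: allowed}."""
    samples = [
        "http://public-host.example/shell.txt",
        "http://internal.example/shell.txt",
        "http://rebind.example/shell.txt",
        "http://127.0.0.1:8080/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
        "http://public-host.example:22/",
        "http://user:pw@public-host.example/",
    ]
    return {u: classify_include_target(u, resolve=example_resolver)[0] for u in samples}


if __name__ == "__main__":
    for url, allowed in example_verdicts().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {url}")
```

Checking every resolved record, rather than the first, is what closes the case where a name returns one public and one internal address; the honeypot still logs the attempted include either way, so denying the fetch costs no visibility.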
Recommendations:
For Glastopf version 3.1.3-dev, restrict access to the `abc.php` endpoint (and the RFI emulation behind it) to minimize the risk of the honeypot being used as a request proxy, since the SSRF behavior is part of the honeypot's intentional functionality and is not expected to be removed by the vendor.