The index.php is a very simple example application using the library. It doesn't have any user authentication and is meant for personal use only. Anyone running this unprotected on the internet has bigger problems than the ability to request data from other servers in the same network.
Feel free to submit a pull request that fixes this without crippling the functionality. To me this is low priority at best.
Hi,
php-epub-meta/index.php, lines 59 to 60 in 4fc37ad:
allows an attacker to trigger an HTTP(S) request to an arbitrary target via file_get_contents. This includes things like localhost. This is a vulnerability called Server-Side Request Forgery (SSRF). SSRF can be used to exploit the local system, gain privileges and much more, depending on the deployment. Check out e.g. OWASP's material on SSRF for more information: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
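The kind of fix the thread asks for, as an added example that is not code from php-epub-meta or its index.php: a fetch function that only accepts http(s), resolves the host, refuses internal addresses and pins the connection to the checked address, in place of handing an untrusted URL straight to file_get_contents(). The function name and the assumption that the URL arrives as a request parameter are mine.

```php
<?php
// Added example (not php-epub-meta code): a hardened replacement for passing an
// untrusted $url straight to file_get_contents(). Assumes $url comes from a request parameter.
function fetch_remote_safely(string $url): string
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        throw new InvalidArgumentException('Malformed URL');
    }
    $scheme = strtolower($p['scheme']);
    // Only plain web fetches: no file://, php://, ftp:// or other stream wrappers.
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http(s) URLs are allowed');
    }
    $host = strtolower(trim($p['host'], '[]'));
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once (A and AAAA); an IP literal is used as-is.
    $ips = filter_var($host, FILTER_VALIDATE_IP)
        ? [$host]
        : array_merge(gethostbynamel($host) ?: [],
                      array_column(dns_get_record($host, DNS_AAAA) ?: [], 'ipv6'));
    if ($ips === []) {
        throw new RuntimeException('Host does not resolve');
    }
    // Every resolved address must be public: this rejects loopback, RFC 1918/ULA,
    // link-local (which covers 169.254.169.254 cloud metadata) and reserved ranges.
    foreach ($ips as $ip) {
        if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            throw new RuntimeException("Refusing to fetch from internal address $ip");
        }
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        // Connect to the address that was just checked, so a DNS rebind cannot change it.
        CURLOPT_RESOLVE        => ["$host:$port:{$ips[0]}"],
        // A redirect could point at an internal host, so never follow one.
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException('Fetch failed with HTTP status ' . $status);
    }
    return $body;
}
```

Pinning through CURLOPT_RESOLVE matters because validating the name and then letting file_get_contents() resolve it a second time leaves a window for DNS rebinding. The two filter flags do not cover every non-public range (100.64.0.0/10, for instance), so extend the address check for deployments where that matters.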