PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive infrastructure data including droplet ID, network configuration, region, authentication keys, and SSH keys configured in user-data/cloud-init.
The vulnerability exists in PyLoad's download package functionality (/api/addPackage endpoint), which directly passes user-supplied URLs to the download engine without validating the destination. The affected code in src/pyload/webui/app/blueprints/api_blueprint.py:
```python
@bp.route("/addPackage", methods=["POST"], endpoint="add_package")
@login_required
def add_package():
    name = flask.request.form["add_name"]
    links = flask.request.form["add_links"].split("\n")
    # ... validation omitted (dest is assigned in the omitted lines) ...
    api.add_package(name, links, dest)  # No URL validation: links are passed through as-is
```
The download engine in src/pyload/core/managers/download.py accepts any URL scheme and initiates HTTP requests to arbitrary destinations, including internal network addresses and cloud metadata endpoints.
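The missing destination check, as an added example that is not part of PyLoad's code: a helper that rejects any link whose scheme is not http/https or whose host (an IP literal, or a name resolved through an injectable resolver) is loopback, private, link-local such as 169.254.169.254, or otherwise non-public. The function name and the `resolve` parameter are assumptions for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host):
    """Resolve a hostname to every A/AAAA address string the stdlib resolver returns.

    Resolving also catches alternative encodings of internal addresses (decimal or
    hex IPv4 forms) that the resolver, but not ipaddress.ip_address(), accepts."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def is_safe_download_url(url, resolve=resolve_host):
    """Return (ok, reason); ok is False unless every destination is a public unicast address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname  # strips userinfo, port and IPv6 brackets
    if not host:
        return False, "missing host"
    try:
        candidates = [host] if ipaddress.ip_address(host) else []
    except ValueError:
        candidates = resolve(host)  # a hostname: check what it actually points at
    if not candidates:
        return False, "unresolvable host"
    for raw in candidates:
        addr = ipaddress.ip_address(raw)
        # ::ffff:169.254.169.254 must be judged as the IPv4 address it wraps
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        # is_global excludes loopback, RFC 1918, link-local (metadata) and reserved ranges;
        # multicast is rejected explicitly because older Pythons report it as global
        if not addr.is_global or addr.is_multicast:
            return False, f"destination {addr} is not a public address"
    return True, "ok"
```

A check at enqueue time is necessary but not sufficient: the engine must also apply it to every redirect target and pin the validated address when it connects, since a DNS answer can change between the check and the fetch.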
Live Demo Instance: http://143.244.141.81:8000
Credentials: pyload / pyload
Proof-of-concept link submitted through /api/addPackage: http://169.254.169.254/metadata/v1.json
Severity: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N)