This PoC describe how to exploit SSRF on EXMAGE - WordPress Image Links version 1.0.3

CVE-2022-1037 | EXMAGE <= 1.0.4 - Admin+ Blind SSRF

The EXMAGE plugin - WordPress Image Links version 1.0.3 does not have protections against SSRF, so it is possible to forge requests to internal services and enumerate web servers that are not directly exposed, if you know the path of an image

Let's say there is a web service that is running locally

After trying to directly access the service, we are not successful

Then, we can perform an enumeration of this service through the SSRF present in the EXMAGE plugin - WordPress Image Links

with this, we were able to enumerate web servers by forging requests.