Critical | Vulnerability | Active

Angular SSRF Vulnerability: Unvalidated Headers Leading to Base Origin Manipulation

Angular's SSR feature is vulnerable to SSRF and header injection due to untrusted Host and X-Forwarded-* headers, allowing attackers to manipulate the application's base origin.

Sebastion

CVE References

Affected

Angular/SSR

The vulnerability arises from Angular's reliance on unvalidated Host and X-Forwarded-* headers to determine the application's base origin. Attackers can exploit this by manipulating these headers to redirect requests to external domains, inject paths, or cause malformed URIs through improper port handling.

This PoC highlights critical flaws in Angular's request handling, demonstrating how attackers can control the application's perceived domain and path, leading to potential unauthorized access or data exposure. The reliability of this exploit is high due to the direct impact on URL resolution mechanisms.

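Monitor for anomalous Host and X-Forwarded-* headers in server logs. Check whether the request origin matches the expected origin, especially when relative URLs are being resolved. Network traffic monitoring tools can be deployed to detect suspicious request patterns.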

Apply patches released by Angular to validate Host and X-Forwarded-* headers, sanitize paths, and ensure ports are numeric. Developers should avoid using untrusted headers for origin determination unless necessary.
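One way to apply the header checks described above, as an added example (this is not Angular's patch and not code from the original page). The allowlist `ALLOWED_HOSTS`, the function names, the sample hostnames, and the specific `X-Forwarded-*` header names checked are assumptions made for illustration.

```javascript
// Added example: audit origin-related request headers before they reach SSR.
// ALLOWED_HOSTS is a constructed allowlist; replace with your real hostnames.
const ALLOWED_HOSTS = new Set(['shop.example.com']);

function isValidPort(p) {
  return /^[0-9]{1,5}$/.test(p) && Number(p) >= 1 && Number(p) <= 65535;
}

// Validate one "host[:port]" value; returns a reason string or null if clean.
function checkHostValue(name, value) {
  const m = /^([A-Za-z0-9.-]+)(?::(.*))?$/.exec(value.trim());
  if (!m) return `${name}: malformed value`;
  if (m[2] !== undefined && !isValidPort(m[2])) {
    return `${name}: non-numeric or out-of-range port`;
  }
  if (!ALLOWED_HOSTS.has(m[1].toLowerCase())) return `${name}: host not in allowlist`;
  return null;
}

// headers: object keyed by lower-cased header name, as Node's http module provides.
// Returns a list of findings; an empty list means the headers look consistent.
function auditOriginHeaders(headers) {
  const findings = [];
  for (const name of ['host', 'x-forwarded-host']) {
    if (headers[name] === undefined) continue;
    // Proxies may append several comma-separated values; every one must pass.
    for (const v of String(headers[name]).split(',')) {
      const reason = checkHostValue(name, v);
      if (reason) findings.push(reason);
    }
  }
  const proto = headers['x-forwarded-proto'];
  if (proto !== undefined && !['http', 'https'].includes(String(proto).trim().toLowerCase())) {
    findings.push('x-forwarded-proto: unexpected scheme');
  }
  const port = headers['x-forwarded-port'];
  if (port !== undefined && !isValidPort(String(port).trim())) {
    findings.push('x-forwarded-port: non-numeric or out-of-range port');
  }
  // Conservative path check: plain segments only, no "//", dots or encoded bytes.
  const prefix = headers['x-forwarded-prefix'];
  if (prefix !== undefined && !/^(\/[A-Za-z0-9_-]+)*\/?$/.test(String(prefix))) {
    findings.push('x-forwarded-prefix: unexpected path characters');
  }
  return findings;
}
```

The same function can run as request middleware (reject when the list is non-empty) or offline over parsed access-log entries to surface requests worth reviewing.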

The likelihood of exploitation is high due to the critical nature of the vulnerability affecting core request handling. Threat actors with interest in server-side attacks would target this to redirect traffic or access internal services.