Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Feb 21st 2022
Bypass of this report: https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/
Proof of Concept
Blacklist does not check for `0.0.0.0`.
This payload will be resolved to `0.0.0.0`:
>>> import socket
>>> from urllib.parse import urlparse
>>> PAYLOAD = 'http://0.0.0.0'
>>> # getaddrinfo returns (family, type, proto, canonname, sockaddr) tuples;
>>> # the resolved address is the first element of sockaddr
>>> socket.getaddrinfo(urlparse(PAYLOAD).hostname, 0)[0][4][0]
'0.0.0.0'
janeczku validated this vulnerability a year ago
Rohan Sharma has been awarded the disclosure bounty
Comment (a year ago): Suggested fix: use `ipaddress` to implement localhost/internal network IP address checks.
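The following is an added example of the approach the comment above suggests, and of the resolution step shown in the proof of concept; it is not calibre-web's own code. It resolves the URL's host with `socket.getaddrinfo`, then classifies every returned address with the `ipaddress` module instead of matching strings against a blacklist, so `0.0.0.0`, loopback, RFC 1918, link-local (including the cloud metadata range 169.254.0.0/16) and IPv4-mapped IPv6 forms are all rejected by the same check. The function names `is_internal_ip` and `is_safe_url` are assumptions for this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse


def is_internal_ip(ip_str: str) -> bool:
    """Return True if ip_str points at the host itself or a non-public network.

    Hypothetical helper (not calibre-web's code). Uses the ipaddress module's
    classification instead of a string blacklist, so shorthand and alternate
    spellings are handled by the parser rather than by hand-written rules.
    """
    ip = ipaddress.ip_address(ip_str)
    # An IPv4-mapped IPv6 address (::ffff:127.0.0.1) is really an IPv4 address;
    # classify the embedded IPv4 address so the mapping cannot hide it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_unspecified      # 0.0.0.0 / :: (the bypass in this report)
        or ip.is_loopback      # 127.0.0.0/8, ::1
        or ip.is_private       # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or ip.is_link_local    # 169.254/16 (cloud metadata), fe80::/10
        or ip.is_multicast
        or ip.is_reserved
    )


def is_safe_url(url: str) -> bool:
    """Return True only if url is http(s) and every resolved address is public.

    Hypothetical helper (not calibre-web's code). Resolution errors and
    malformed ports are treated as unsafe (fail closed).
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
    except ValueError:          # non-numeric or out-of-range port
        return False
    try:
        infos = socket.getaddrinfo(parsed.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False
    # A name may resolve to several addresses; all of them must be public.
    addrs = {info[4][0] for info in infos}
    if not addrs:
        return False
    return not any(is_internal_ip(addr) for addr in addrs)


if __name__ == "__main__":
    # Constructed sample inputs, including the payload from the report.
    for candidate in ("http://0.0.0.0", "http://127.0.0.1:8080/",
                      "http://[::ffff:127.0.0.1]/", "http://169.254.169.254/",
                      "http://8.8.8.8/"):
        print(candidate, "->", "allowed" if is_safe_url(candidate) else "blocked")
```

Because the address is resolved once here and again by the HTTP client that performs the fetch, a name whose DNS answer changes between the two lookups can still pass the check; the robust form of this mitigation connects to the address that was validated (for example by handing the resolved IP to the client and sending the original name in the `Host` header) rather than letting the client re-resolve.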