Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Status: Valid
Reported on Feb 21st 2022
Description
Bypass of this report: https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/
Proof of Concept
The blacklist does not check for 0.0.0.0.
PAYLOAD: http://0.0.0.0
This payload will be resolved to localhost (connecting to 0.0.0.0 reaches the local host):
>>> import socket
>>> from urllib.parse import urlparse
>>> PAYLOAD = 'http://0.0.0.0'
>>> socket.getaddrinfo(urlparse(PAYLOAD).hostname, 0)[0][4][0]
'0.0.0.0'
Impact
SSRF
Occurrences
Suggested fix: use ipaddress to implement localhost/internal network IP address checks.
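Not part of the report or of calibre-web: an added Python example of the ipaddress-based check suggested above. The function names (is_internal_address, resolved_addresses, is_safe_url) are assumptions; the point is that address-class flags catch 0.0.0.0 and similar literals that a string blacklist misses, and that every resolved address is checked, not only the first.

```python
import ipaddress
import socket
from urllib.parse import urlparse


def is_internal_address(ip_str: str) -> bool:
    """True if the address must not be fetched server-side.

    ipaddress flags cover what a string blacklist tends to miss:
    0.0.0.0 (is_unspecified), 127.0.0.0/8 and ::1 (is_loopback),
    RFC 1918 / ULA ranges (is_private), 169.254.0.0/16 (is_link_local),
    plus IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1.
    """
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return True  # unparsable address: fail closed
    # Unwrap ::ffff:a.b.c.d so the IPv4 flags apply to the inner address
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_unspecified or ip.is_loopback or ip.is_private
            or ip.is_link_local or ip.is_multicast or ip.is_reserved)


def resolved_addresses(url: str) -> list:
    """Resolve the URL's host to every answer, not just getaddrinfo()[0]."""
    host = urlparse(url).hostname
    if host is None:
        return []
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_safe_url(url: str) -> bool:
    """Allow only http(s) URLs whose host resolves solely to public addresses."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    addrs = resolved_addresses(url)
    if not addrs:
        return False  # unresolvable host: fail closed
    return not any(is_internal_address(a) for a in addrs)


if __name__ == "__main__":
    for u in ("http://0.0.0.0", "http://127.0.0.1/", "http://8.8.8.8/"):
        print(u, "safe" if is_safe_url(u) else "blocked")
```

The resolution step is still subject to DNS rebinding between the check and the actual request; pinning the checked address for the outbound connection closes that gap.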
helper.py#L736-L737 has been validated
