Server Side Request Forgery on JSON Feed

Disclosed: 2017-12-06 10:18:15 By mr_r3boot To infogram
Severity: Medium
Vulnerability Details
Hi Team,

I would like to report an SSRF issue.

PoC:

1. Navigate to `https://infogram.com/app/[user-project]`.
2. Click on the edit logo fields and click on add JSON Data.
3. Enter `[url][openport]`; the response is `Download failed`.
4. Enter `[url][closedport]`; the response is `Invalid data source`.

Fix: Don't give permission to port-related connections, or use a single error message.

Regards,
Mr.R3boot
Report Stats
  • Report ID: 280511
  • State: Closed
  • Substate: resolved
  • Upvotes: 10
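The fix the report proposes has two halves: restrict where the feed fetcher may connect, and return one error message whatever the outcome, so the response no longer tells the caller whether a port was open or closed. The following is an added example of that pattern, not code from the report or from Infogram; the hostnames, the fake DNS table and the failing fetchers are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}                     # no arbitrary ports: removes the port-scan oracle
GENERIC_ERROR = "Unable to load data source"  # the one message every failure path returns

def validate_feed_url(url, resolver=socket.getaddrinfo):
    """(True, None) for an acceptable public feed URL, else (False, reason); reason is log-only."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.hostname:
        return False, "bad scheme or host"
    try:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
    except ValueError:                        # e.g. "http://host:abc/"
        return False, "bad port"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    try:
        infos = resolver(parsed.hostname, port, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, OSError):
        return False, "dns failure"
    for info in infos:                        # reject loopback, RFC 1918, link-local, etc.
        ip = ipaddress.ip_address(info[4][0])
        if not ip.is_global:
            return False, f"non-public address {ip}"
    return True, None

def fetch_json_feed(url, fetcher, resolver=socket.getaddrinfo, log=print):
    """Call fetcher(url) -> bytes after validation; refused, timed out or rejected all look the same."""
    ok, reason = validate_feed_url(url, resolver)
    if not ok:
        log(f"feed rejected: {url}: {reason}")
        return None, GENERIC_ERROR
    try:
        return fetcher(url), None
    except Exception as exc:
        log(f"feed fetch failed: {url}: {type(exc).__name__}")
        return None, GENERIC_ERROR

# Constructed stand-ins so the example runs offline: a fake DNS table and a fetcher that refuses.
DEMO_DNS = {"feed.example.com": "93.184.216.34", "intranet.example": "10.0.0.5"}
def demo_resolver(host, port, proto=0):
    if host not in DEMO_DNS:
        raise socket.gaierror("unknown host")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (DEMO_DNS[host], port))]
def refused_fetcher(url):
    raise ConnectionRefusedError("connection refused")
```

The validator resolves the name once; a production fetcher should connect to the address it validated rather than re-resolving, otherwise a DNS answer that changes between check and use bypasses the check.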