SSRF bypass

Disclosed: 2021-10-04 15:53:07 By pabl00nicarres To concretecms
Low
Vulnerability Details
This simply describes a bypass for report at https://hackerone.com/reports/243865, using a decimal notation encoded IP address (0177.0.0.1) currently bypasses the limitations in place for localhost.

crayons (re-submitting report including "magic" string)

Concrete5 version used is 8.5.2

## Impact

Interacting with local services, impact may vary depending on services actually exposed.
Report Stats
  • Report ID: 863221
  • State: Closed
  • Substate: resolved
  • Upvotes: 13
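As an added example (Python, not code from the report or from Concrete5), this is one way a server-side check can canonicalise a host the way `inet_aton()`-style resolvers do before testing it against internal ranges. Such resolvers read an octet with a leading zero as octal, so `0177.0.0.1` becomes `127.0.0.1`. The function names and the string blocklist are hypothetical, and the sample hosts are constructed.

```python
import ipaddress

def naive_blocklist(host):
    # Hypothetical string comparison, shown only as the weak form of the check.
    return host in ("localhost", "127.0.0.1")

def parse_inet_aton(host):
    """Parse 1-4 dotted parts in decimal, octal (0...) or hex (0x...).
    Returns an IPv4Address, or None if host is not a numeric literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):   # rejects "", "+1", "1_0"
            return None
        low = p.lower()
        try:
            if low.startswith("0x"):
                nums.append(int(low[2:], 16))
            elif low.startswith("0") and len(low) > 1:
                nums.append(int(low, 8))        # 0177 -> 127
            else:
                nums.append(int(low, 10))
        except ValueError:
            return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_internal_target(host):
    """True/False for an IP literal; None for a name, which must be resolved
    and have every resulting address checked the same way."""
    ip = parse_inet_aton(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            return None
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

if __name__ == "__main__":
    for h in ("0177.0.0.1", "2130706433", "0x7f.1", "8.8.8.8"):  # constructed
        print(h, naive_blocklist(h), parse_inet_aton(h), is_internal_target(h))
```

The check is only effective if the request is then sent to the canonical address that was validated, not to the original string.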