Factlink: Proxy discloses internal web servers

ID H1:1409
Type hackerone
Reporter jobert
Modified 2014-04-08T08:37:00


Hi guys,

I found a bug that allows users of your proxy to retrieve pages from your internal web servers -- in this case, the subnet. As an example, please see this link. As you will see, it returns the HTML of your Chef server (which, I assume, cannot be accessed from the internet). I wasn't able to access any of your systems. That being said, I didn't really spend time on it.

Please note that once your proxy is also able to follow redirects, it should reject redirects to internal hosts as well.
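One way a proxy can enforce the two rules this report asks for, refusing internal hosts and re-checking every redirect hop before following it, as an added Python example written for this page (not Factlink's code). The hostnames, addresses and responses in FAKE_DNS and FAKE_PAGES are constructed fixtures so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit
def is_internal_ip(ip):
    """True for addresses a public-facing fetcher must never reach."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:10.0.0.1 style literals
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

def resolve_all(host):  # real DNS; replaced by a fake resolver in the demo below
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_url(url, resolve=resolve_all):
    """Return (allowed, reason) for one URL the proxy was asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal: no DNS needed
    except ValueError:
        try:
            addrs = resolve(host)
        except socket.gaierror:
            return False, "unresolvable host"
    for ip in addrs:
        if is_internal_ip(ip):
            return False, f"{host} resolves to internal address {ip}"
    return True, "ok"

def proxy_fetch(url, fetch, resolve=resolve_all, max_redirects=5):
    """Follow redirects by hand so every hop is re-checked; fetch(url) returns
    (status, headers, body). Caveat: resolve-then-connect leaves a DNS-rebinding
    window, so a production proxy should connect to the address it checked."""
    for _ in range(max_redirects + 1):
        allowed, reason = check_url(url, resolve)
        if not allowed:
            return None, f"blocked {url}: {reason}"
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            url = urljoin(url, headers["location"])  # relative Location too
            continue
        return body, "ok"
    return None, "too many redirects"
# Constructed fixtures (not real hosts) so the example runs offline.
FAKE_DNS = {"chef.internal": {"10.0.0.5"}, "public.example": {"93.184.216.34"}}
FAKE_PAGES = {"http://public.example/": (302, {"location": "http://chef.internal/"}, b""),
              "http://chef.internal/": (200, {}, b"<html>chef</html>")}
```

Run `proxy_fetch("http://public.example/", FAKE_PAGES.__getitem__, FAKE_DNS.__getitem__)` to see the redirect to the internal host refused on the second hop; pass a real HTTP client as `fetch` and the default resolver for live use.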