Factlink: Proxy discloses internal web servers

2014-02-13T20:05:27
ID H1:1409
Type hackerone
Reporter jobert
Modified 2014-04-08T08:37:00

Description

Hi guys,

I found a bug that allows users of your proxy to retrieve pages from your internal web servers -- in this case, the 172.16.64.0/24 subnet. As an example, please see this link. As you will see, it returns the HTML of your Chef server (which, I assume, cannot be accessed from the internet). I wasn't able to access any of your systems. That being said, I didn't really spend time on it.

Please note that once your proxy is also able to follow redirects, it should reject redirects to internal hosts as well.
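The two defensive points in the report (refuse targets in internal ranges, and re-check that rule on every redirect hop) can be implemented as an outbound-URL gate in front of whatever the proxy uses to fetch. The code below is an added illustration written for this page, not Factlink's proxy code; the hostnames, addresses and responses in the fixtures are constructed for an offline run, and the resolver and fetcher are injected parameters so the same logic can be wired to a real DNS lookup and HTTP client.

```python
"""Outbound-URL validation for a fetching proxy (added example, not the
original project's code). Blocks internal address ranges and re-validates
the target at every redirect hop."""
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Ranges the proxy must never reach. 172.16.0.0/12 contains the
# 172.16.64.0/24 subnet named in the report.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_internal_address(ip_text):
    """True if the address lies in a blocked range. IPv4-mapped IPv6
    addresses (::ffff:a.b.c.d) are unwrapped so they cannot bypass the
    IPv4 ranges."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def default_resolver(host):
    """Resolve a hostname to every address the system resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url, resolver=default_resolver):
    """Return (True, '') if the URL may be fetched, else (False, reason)."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname  # brackets stripped for IPv6 literals
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)   # literal address: no lookup needed
        addrs = [host]
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, ValueError):
            return False, "cannot resolve host %r" % host
    # Every address the name maps to must be external, not just the first.
    for addr in addrs:
        if is_internal_address(addr):
            return False, "%s resolves to internal address %s" % (host, addr)
    return True, ""


def fetch_through_proxy(url, fetcher, resolver=default_resolver, max_redirects=5):
    """Fetch `url`, following redirects, validating the target at each hop.

    `fetcher(url)` returns (status, headers, body) and is injected so the
    example runs offline. Raises ValueError if any hop is disallowed."""
    for _ in range(max_redirects + 1):
        ok, reason = check_url(url, resolver)
        if not ok:
            raise ValueError("refusing to fetch %s: %s" % (url, reason))
        status, headers, body = fetcher(url)
        headers = {k.lower(): v for k, v in headers.items()}
        if status in REDIRECT_STATUSES and "location" in headers:
            url = urljoin(url, headers["location"])  # relative Location is resolved
            continue
        return body
    raise ValueError("too many redirects")


# Constructed offline fixtures (hypothetical hosts, addresses and pages).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "chef.internal.example": ["172.16.64.10"],
}
FAKE_RESPONSES = {
    "http://example.com/page": (200, {}, "<html>public</html>"),
    "http://example.com/bounce": (302, {"Location": "http://chef.internal.example/"}, ""),
    "http://chef.internal.example/": (200, {}, "<html>chef</html>"),
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror("unknown host")
    return FAKE_DNS[host]


def fake_fetcher(url):
    return FAKE_RESPONSES[url]


def demo():
    """Run the gate over the fixtures; returns a dict of outcomes per URL."""
    results = {"direct": fetch_through_proxy("http://example.com/page", fake_fetcher, fake_resolver)}
    for target in ("http://172.16.64.10/",
                   "http://example.com/bounce",
                   "http://[::ffff:172.16.64.10]/"):
        try:
            fetch_through_proxy(target, fake_fetcher, fake_resolver)
            results[target] = "allowed"
        except ValueError:
            results[target] = "blocked"
    return results


if __name__ == "__main__":
    for url, outcome in demo().items():
        print(url, "->", outcome)
```

The check is applied before each request rather than once up front, which is what closes the redirect path the report warns about. One remaining caveat for a production deployment: this validates the name at check time and lets the HTTP client resolve it again when connecting, so a name whose answer changes between the two lookups could still slip through; a robust proxy connects to the address it validated (or resolves inside the client and re-runs the check there).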