HackerOne: Additional bypass allows SSRF for internal netblocks

ID H1:288950
Type hackerone
Reporter edoverflow
Modified 2017-11-16T20:15:03


It turns out there is another bypass in the private_address_check gem. The gem does not include in the exclusion list in the first place.

irb(main):001:0> require 'private_address_check'
=> true
irb(main):002:0> PrivateAddressCheck.private_address?("")
=> false

I was able to bypass your filter by using as you can see below:


Please find a hotfix for this issue attached to this report: {F238152}. The author of the gem has been notified and should hopefully provide a proper fix very soon.
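
Added example, not part of the original report and not code from the private_address_check gem: a Ruby audit that lists which well-known non-public IPv4 blocks an SSRF deny list fails to cover, plus a fail-closed address check. The reference list, `SAMPLE_DENYLIST` (constructed and deliberately incomplete) and all function names are assumptions made for this illustration.

```ruby
require 'ipaddr'

# Reference set chosen for this example: IANA special-purpose IPv4 blocks
# plus multicast. Adjust to your own policy; it is not the gem's list.
SPECIAL_PURPOSE_V4 = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15
  198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4
].map { |cidr| IPAddr.new(cidr) }.freeze

# Constructed sample deny list, deliberately incomplete (hypothetical).
SAMPLE_DENYLIST = %w[
  10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
].map { |cidr| IPAddr.new(cidr) }.freeze

# True when the whole block sits inside a single deny-list entry.
# (A block covered only by the union of several entries is reported as a gap.)
def covered?(block, denylist)
  range = block.to_range
  denylist.any? { |deny| deny.include?(range.first) && deny.include?(range.last) }
end

# Returns the reference blocks the deny list misses, as CIDR strings.
def uncovered_blocks(denylist, reference = SPECIAL_PURPOSE_V4)
  reference.reject { |block| covered?(block, denylist) }
           .map { |block| "#{block}/#{block.prefix}" }
end

# Fail-closed check for one address: unparseable input is treated as denied,
# and IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped before matching.
def denied?(address, denylist)
  ip = IPAddr.new(address)
  ip = ip.native if ip.ipv4_mapped?
  denylist.any? { |deny| deny.family == ip.family && deny.include?(ip) }
rescue IPAddr::Error
  true
end

if __FILE__ == $PROGRAM_NAME
  gaps = uncovered_blocks(SAMPLE_DENYLIST)
  puts "Deny list misses #{gaps.length} reference block(s):"
  gaps.each { |cidr| puts "  #{cidr}" }
end
```

Running a coverage audit like this in CI turns a silently missing netblock into a failing check rather than something found through a bypass report.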