143 matches found
CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery SSRF that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
Stripo Inc: SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX
Summary: SSRF vulnerability allows mapping the internal network. Steps To Reproduce: It is possible to run internal requests with the siteInfoLookup service. GET /cabinet/stripeapi/v1/siteInfoLookup?url=http://10.0.0.100:8080 HTTP/1.1 Host: my.stripo.email Based on the response we know if the ip ...
Проблема в Raptor (http proxing)
При разрешенном HTTP-прокси проксируются не только внутренние запросы наружу, но и наоборот, кроме того, проксируется ряд дополнительных портов...