Server Side Request Forgery on JSON Feed
Medium
Infogram
Reported by
mr_r3boot
Vulnerability Details
Technical details and impact analysis
Hi Team, I would like to report an SSRF issue.
#PoC:
1. Navigate to `https://infogram.com/app/[user-project]`.
2. Click on edit logo fields and click on add JSON Data.
3. Enter `[url][openport]`; the response is `Download failed`.
4. Enter `[url][closedport]`; the response is `Invalid data source`.
#Fix:
Don't give permission to port-related connections, or use a single error message.
Regards,
Mr.R3boot.
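The fix suggested in the report (no caller-chosen ports, one error message for every failure), sketched as an added Python example; this is not Infogram's code. The names `check_feed_url`, `load_feed`, `system_resolve` and the `fetch` callable are hypothetical, the default-ports-only policy is an assumption, and the rejection of non-public addresses goes beyond what the report asks for.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

GENERIC_ERROR = "Could not load data source"  # the only message a user ever sees
DEFAULT_PORTS = {"http": 80, "https": 443}    # assumption: feeds live on default ports


class FeedError(Exception):
    """User-facing failure; always carries GENERIC_ERROR."""


def system_resolve(host):
    """Default resolver. Callers may inject a stub so the check runs offline."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_feed_url(url, resolve=system_resolve):
    """Return (host, port, ip) to fetch, or raise ValueError with an internal reason."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("scheme not allowed")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("missing host or embedded credentials")
    port = DEFAULT_PORTS[parts.scheme] if parts.port is None else parts.port
    if port != DEFAULT_PORTS[parts.scheme]:
        raise ValueError("port not allowed")  # no user-chosen ports
    addrs = resolve(parts.hostname)
    if not addrs:
        raise ValueError("host did not resolve")
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError("non-public address")  # loopback, RFC 1918, link-local
    return parts.hostname, port, addrs[0]


def load_feed(url, fetch, resolve=system_resolve, log=lambda reason: None):
    """Validate, then fetch. Every failure collapses to one FeedError message.

    fetch(host, port, ip) is a hypothetical callable that should connect to the
    validated ip rather than resolving the host a second time.
    """
    try:
        host, port, ip = check_feed_url(url, resolve)
        return fetch(host, port, ip)
    except Exception as exc:
        log(f"{type(exc).__name__}: {exc}")  # the real reason stays in server logs
        raise FeedError(GENERIC_ERROR) from None
```

With this shape, a refused connection, a timeout, a rejected port and an internal address all produce the same response text, so the two distinct messages in the PoC no longer exist to compare.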
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)