SSRF bypass
Low
Concrete CMS
Submitted None
Reported by
pabl00nicarres
Vulnerability Details
Technical details and impact analysis
This simply describes a bypass for the report at https://hackerone.com/reports/243865: using a decimal notation encoded IP address (0177.0.0.1) currently bypasses the limitations in place for localhost.
crayons (re-submitting report including "magic" string)
Concrete5 version used is 8.5.2
## Impact
Interacting with local services, impact may vary depending on services actually exposed.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)
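The report's value 0177.0.0.1 is read as 127.0.0.1 by resolvers that follow inet_aton() rules, where a leading zero marks an octal part. The following is an added example, not code from the report or from Concrete CMS: it normalizes a host the way inet_aton() does before testing for loopback, and it goes beyond the reported case by also covering hex parts and addresses with fewer than four parts. `naive_is_localhost` is a hypothetical string blocklist included only for contrast; all function names and sample hosts are assumptions.

```python
import ipaddress
import re

# One address part: hex (0x..), octal (leading 0) or decimal, as inet_aton() reads it.
_PART = re.compile(r"0x([0-9a-f]+)|(0[0-7]*)|([1-9][0-9]*)", re.IGNORECASE)

def parse_inet_aton(host):
    """Return the IPv4Address that inet_aton()-style parsing yields, or None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        m = _PART.fullmatch(part)
        if m is None:
            return None
        hex_, oct_, dec_ = m.groups()
        values.append(int(hex_, 16) if hex_ else int(oct_, 8) if oct_ else int(dec_))
    # Leading parts are single bytes; the last part fills the remaining bytes.
    addr = 0
    for v in values[:-1]:
        if v > 0xFF:
            return None
        addr = (addr << 8) | v
    bits = 8 * (5 - len(values))
    if values[-1] >= 1 << bits:
        return None
    return ipaddress.IPv4Address((addr << bits) | values[-1])

def naive_is_localhost(host):
    """Hypothetical string blocklist (an assumption, not Concrete CMS's code)."""
    return host.lower() in {"localhost", "127.0.0.1"}

def classify(host):
    """'loopback', 'literal' (other numeric address) or 'name' (must be resolved)."""
    ip = parse_inet_aton(host)
    if ip is None:
        return "name"
    return "loopback" if ip.is_loopback else "literal"

if __name__ == "__main__":
    # Constructed sample hosts; 0177.0.0.1 is the value from the report.
    for h in ["127.0.0.1", "0177.0.0.1", "198.51.100.7", "example.com"]:
        print(f"{h:14} naive_blocked={naive_is_localhost(h)!s:5} normalized={classify(h)}")
```

A host classified as `name` still has to be resolved, and the resolved address checked the same way, before any request is sent to it.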