Vulnerability description

in #utopian-io, 7 years ago (edited)

Vulnerability description

SSRF (Server-Side Request Forgery) is a vulnerability that allows an attacker to force a server to send requests, which then originate from the victim server itself, to its local interface or to another server behind the firewall. Consult Web References for more information about this problem.

Affected items

/packages/bin/unsemantic/

The impact of this vulnerability

The impact varies according to the affected server interface.

How to fix this vulnerability

Your script should properly sanitize user input.
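
For SSRF, sanitizing input means checking where a user-supplied URL would actually send the server before any request is made. The following is an added example, not code from the original post or from the affected project; it assumes the input is a URL the server will fetch, and `check_outbound_url`, `SAMPLE_DNS` and the `example.test` hosts are hypothetical names constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS answers (hypothetical hosts) so the demo runs offline.
SAMPLE_DNS = {
    "cdn.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "rebind.example.test": ["93.184.216.34", "127.0.0.1"],
}

def fake_resolve(host, port):
    return SAMPLE_DNS.get(host, [host])  # literal IPs pass through unchanged

def system_resolve(host, port):
    """Every address the name maps to (A and AAAA records)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_internal(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:  # e.g. ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return not ip.is_global  # loopback, private, link-local, reserved ...

def check_outbound_url(url, resolve=system_resolve):
    """Return (True, vetted_addresses) or (False, reason)."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        addrs = resolve(parts.hostname, port)
    except OSError:
        return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    bad = [a for a in addrs if is_internal(a)]
    if bad:  # reject if ANY answer is internal, not just the first
        return False, "internal address: " + ", ".join(bad)
    return True, addrs  # connect to these, do not resolve the name again

if __name__ == "__main__":
    for u in ["http://cdn.example.test/a.png", "http://rebind.example.test/",
              "http://169.254.169.254/latest/", "file:///etc/passwd"]:
        print(u, "->", check_outbound_url(u, fake_resolve))
```

The same check has to be repeated for every redirect target, since a permitted host can redirect to an internal one.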

Web references

SSRF VS. BUSINESS-CRITICAL APPLICATIONS



Posted on Utopian.io - Rewarding Open Source Contributors

Thanks for the information.

At the moment, I do not see a direct vulnerability. Can you go into the problem in more detail? Which testing tool did you use?

Do you have a practical example?

Your contribution cannot be approved because it is not as informative as other contributions. See the Utopian Rules. Contributions need to be informative and descriptive in order to help readers and developers understand them.

It's really nice to have someone like you around, doing vulnerability tests on open source projects.
Unfortunately this report is too broad to be helpful for the project owner.

You can contact us on Discord.
[utopian-moderator]
