
Partial URLs should not sanitize against SSRF

Open pwntester opened this issue 3 years ago • 0 comments

As an example:

	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
	req, _ := http.NewRequest("GET", source+hash, nil)

pwntester, Aug 11 '22 14:08
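
An added example, not part of the issue or of the CodeQL code base: one way to make the request above safe without relying on a partial-URL heuristic, by allow-listing the request-derived segment and rebuilding the URL from its parsed form. The helper name buildUpstreamURL, the hex-digest format assumed for hash, and the host files.internal.example are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Assumed format of the last path segment: a lowercase hex digest.
var hashRe = regexp.MustCompile(`^[0-9a-f]{32,64}$`)

// buildUpstreamURL is a hypothetical helper: it joins a fixed base URL with
// the last segment of a request path and confirms the target host is unchanged.
func buildUpstreamURL(source, urlPath string) (string, error) {
	segment := urlPath[strings.LastIndex(urlPath, "/")+1:]
	// Allow-list the segment so path, query, fragment and host
	// metacharacters never reach the outgoing URL.
	if !hashRe.MatchString(segment) {
		return "", errors.New("segment is not a hex digest")
	}
	base, err := url.Parse(source)
	if err != nil || base.Host == "" {
		return "", errors.New("base URL has no host")
	}
	// Build from the parsed form so the separator is always present, even
	// when source has no trailing slash.
	target := *base
	target.Path = strings.TrimSuffix(base.Path, "/") + "/" + segment
	target.RawPath = ""
	// Defence in depth: re-parse the final string and compare scheme and host.
	check, err := url.Parse(target.String())
	if err != nil || check.Scheme != base.Scheme || check.Host != base.Host {
		return "", errors.New("target host differs from base")
	}
	return check.String(), nil
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{"/download/d41d8cd98f00b204e9800998ecf8427e", "/download/.."} {
		u, err := buildUpstreamURL("http://files.internal.example", p)
		fmt.Println(u, err)
	}
}
```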