neo-modules
Oracle service vulnerability: local information leak
The following way of avoiding local access is not enough:
https://github.com/neo-project/neo-modules/blob/32aacc468ad43600817daabbec834e715017d962/src/OracleService/Protocols/OracleHttpsProtocol.cs#L41-L46
since a remote server is able to return a redirect response whose target is https://local-address/x.
original issue https://github.com/neo-project/neo/issues/2662
And actually I don't think any of the current solutions (#692, #694) works 100% (although I prefer #692 because it actually avoids the request happening),
because they cannot avoid a DNS rebinding attack.
To prevent SSRF and DNS rebinding, I suggested customizing http.Transport in nspcc/neo-go, which is a reliable solution that is easily searched.
Still haven't found any easy solution on dotnet. Probably we need a new httpsclient 🌚
(too many years, no answer) https://stackoverflow.com/questions/58391775/how-to-prevent-ssrf-in-net
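The http.Transport approach mentioned in the thread, sketched as an added example (not code from this thread, neo-modules or neo-go): the address check sits in the dialer's `Control` hook, which runs after DNS resolution on every connection, so a redirect to a local address or a rebinding answer is rejected at connect time. The names `checkDial`, `isRestricted`, `NewSafeClient` and `ErrRestricted` are hypothetical, and the sample addresses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// ErrRestricted marks a connection attempt to a non-public address.
var ErrRestricted = errors.New("restricted destination address")

// isRestricted reports whether ip is unparsable, loopback, private,
// link-local, multicast or unspecified.
func isRestricted(ip net.IP) bool {
	return ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// checkDial is a net.Dialer Control hook. It runs after DNS resolution,
// right before connect(), so address is the literal IP:port being dialed.
func checkDial(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if isRestricted(net.ParseIP(host)) {
		return fmt.Errorf("%w: %s", ErrRestricted, address)
	}
	return nil
}

// NewSafeClient returns a client whose every connection, including those
// made while following redirects, passes through checkDial. No proxy is
// configured, so the dialed address is always the final destination.
func NewSafeClient(timeout time.Duration) *http.Client {
	d := &net.Dialer{Timeout: timeout, Control: checkDial}
	return &http.Client{Timeout: timeout, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Constructed sample addresses, as the dialer would see them after resolution.
	for _, a := range []string{"127.0.0.1:443", "[::1]:443", "10.0.0.5:80", "169.254.169.254:80", "93.184.216.34:443"} {
		fmt.Printf("%-22s -> %v\n", a, checkDial("tcp", a, nil))
	}
	_, err := NewSafeClient(2 * time.Second).Get("https://127.0.0.1/x")
	fmt.Println(errors.Is(err, ErrRestricted), err)
}
```

Because the check is applied to the IP actually dialed rather than to the URL host, it does not depend on a separate DNS lookup that could return a different answer than the one used for the connection.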