Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oracle service vulnerability: local information leak #693

Open
vang1ong7ang opened this issue Feb 26, 2022 · 2 comments
Open

oracle service vulnerability: local information leak #693

vang1ong7ang opened this issue Feb 26, 2022 · 2 comments

Comments

@vang1ong7ang
Copy link

vang1ong7ang commented Feb 26, 2022
edited
Loading

the following way of avoiding local access is not enough:

neo-modules/src/OracleService/Protocols/OracleHttpsProtocol.cs

Lines 41 to 46 in 32aacc4

if (!Settings.Default.AllowPrivateHost)
{
IPHostEntry entry = await Dns.GetHostEntryAsync(uri.Host);
if (entry.IsInternal())
return (OracleResponseCode.Forbidden, null);
}

since a remote server is able to return a redirect response whose target is https://local-address/x.

original issue neo-project/neo#2662
@shargon shargon mentioned this issue Feb 28, 2022
Merged
@erikzhang erikzhang mentioned this issue Mar 2, 2022
Closed
@vang1ong7ang
Copy link
Author

vang1ong7ang commented Mar 2, 2022
edited
Loading

and actually i don't think any of current solution (#692, #694) 100% works. (although i prefer #692 because it actually avoid the request happening)

because they cannot avoid dns rebinding attack

@vang1ong7ang vang1ong7ang mentioned this issue Mar 2, 2022
Closed
@vang1ong7ang
Copy link
Author

vang1ong7ang commented Mar 2, 2022
edited
Loading

to prevent ssrf and dns rebinding, i suggested customizing http.Transport in nspcc/neo-go which is a reliable solution easily searched.

still haven't find any easy solution on dotnet. probably we need a new httpsclient 🌚

(too many years, no answer)
https://stackoverflow.com/questions/58391775/how-to-prevent-ssrf-in-net

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix redirection neo-project/neo-modules
1 participant
@vang1ong7ang