SSRF in file upload file URL
The problem
It was possible to store the response of a request to a service on the private network in a file. This could be done by supplying a URL pointing at a private-network host to the upload-user-file-by-URL feature.
The fix
Resolve the IP address of the host in the provided URL and check whether it is a private IP address. If it is, raise an error instead of fetching the URL.
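The check described above, written out as an added example (this is not the project's own code; the function names, the injectable `resolver` parameter and the sample hostnames are assumptions for illustration). It resolves every address a hostname maps to, unwraps IPv4-mapped IPv6 addresses, and rejects the URL if any resolved address is not globally routable:

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class PrivateNetworkURLError(ValueError):
    """Raised when a URL points at an address that is not publicly routable."""


def is_private_ip(ip_str):
    """True for loopback, RFC 1918, link-local, and other non-global addresses."""
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def resolve_host(hostname):
    """Return every address (A and AAAA) the hostname resolves to, not just the first."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_url_is_public(url, resolver=resolve_host):
    """Validate that a user-supplied URL only reaches public hosts.

    Returns the resolved addresses on success; raises PrivateNetworkURLError
    otherwise. `resolver` is injectable so the check can be tested offline.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise PrivateNetworkURLError(f"unsupported scheme in {url!r}")
    hostname = parts.hostname
    if not hostname:
        raise PrivateNetworkURLError(f"no host in {url!r}")
    try:
        addresses = resolver(hostname)
    except (socket.gaierror, ValueError) as exc:
        raise PrivateNetworkURLError(f"cannot resolve {hostname!r}") from exc
    if not addresses:
        raise PrivateNetworkURLError(f"{hostname!r} resolved to no addresses")
    # Reject if *any* resolved address is private: a host with one public and
    # one private record must not slip through.
    for addr in addresses:
        if is_private_ip(addr):
            raise PrivateNetworkURLError(f"{url!r} resolves to non-public address {addr}")
    return addresses


if __name__ == "__main__":
    # Example from the "How to test" section: this must be rejected.
    try:
        check_url_is_public("http://localhost:8000/test.txt")
    except PrivateNetworkURLError as err:
        print("rejected:", err)
```

The download itself should then connect to one of the addresses that passed this check rather than resolving the hostname a second time, and any HTTP redirect the fetch follows needs the same check applied to its target.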
How to test
- Try to fetch a URL of a file exposed on the public internet; this should work.
- Try to fetch a URL on the internal network, for example http://localhost:8000/test.txt; this should fail.
Edited by Bram Wiepjes