fetch web data(): possibly dangerous local proxy

Started by qc, May 09, 2016, 11:48:38 AM

Previous topic - Next topic

qc

Hi @ALL,

A classic weakness found in many web applications is the 'local proxy': While remote access to the server is often heavily restricted, requests originating from the local network or the webserver itself (localhost) are often regarded as less suspicious. Various services running on the server, such as memcache or a data storage, might e. g. allow read access from localhost only. Therefore, a malicious person will often look for a 'proxy' on the webserver translating possibly malicious remote requests into local requests, send by the webserver itself.

'Local proxy' in SMF: the fetch_web_data() function is often used to fetch content from remote webservers, e.g. from an open ID provider or SMF package server. However, it also accepts localhost as the destination address.

I am just writing this here to raise awareness of this weakness - which is not a vulnerability in itself but often a stepping stone - and discuss the best way to 'harden' SMF.
Playing quizduell? Having quizduell questions? Our german quizduell forum quizcommunity.de is looking for quiz freaks to come and play quizduell with us :)

Advertisement: