OwnCast SSRF
Description
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.
POC
- Browse the main page
- Click name > Authenticate
- Fill in an arbitrary host and click the checkmark
- Observe the response error and timing in the result
Vulnerability Type
Incorrect Access Control
Vendor of Product
OwnCast
Affected Product Code Base
OwnCast - 0.1.1
Affected Component
authHost parameter of the indieauth function
Attack Type
Remote
Attack Vectors
An unauthenticated user can force the server to access localhost, internal network host, and external hosts and resources.
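As an added mitigation example (not OwnCast's own code), the Go check below screens a user-supplied IndieAuth host before the server fetches it, rejecting loopback, private and link-local destinations both for IP literals and for every address a hostname resolves to; the ValidateAuthHost name and the injected lookup parameter are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// isForbiddenIP reports whether an address points somewhere a server-side
// fetch must never reach: loopback, private, link-local, unspecified, multicast.
func isForbiddenIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateAuthHost screens a user-supplied IndieAuth host before the server
// fetches it. lookup resolves hostnames; injecting it keeps the check
// testable offline and lets every resolved address be screened, not only
// literal IPs. (Hypothetical helper, not OwnCast's own code.)
func ValidateAuthHost(raw string, lookup func(string) ([]net.IP, error)) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("authHost must use https, got %q", u.Scheme)
	}
	host := u.Hostname()
	if ip := net.ParseIP(host); ip != nil {
		if isForbiddenIP(ip) {
			return nil, fmt.Errorf("authHost %s is not a public address", host)
		}
		return u, nil
	}
	ips, err := lookup(host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve authHost %q", host)
	}
	for _, ip := range ips {
		if isForbiddenIP(ip) {
			return nil, fmt.Errorf("authHost %q resolves to non-public %s", host, ip)
		}
	}
	return u, nil
}

func main() {
	_, err := ValidateAuthHost("https://127.0.0.1/auth", net.LookupIP)
	fmt.Println("loopback rejected:", err != nil)
}
```

The fetch that follows should dial the screened addresses directly (a custom dialer) so a name cannot re-resolve to a different host between the check and the request.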
Reference
Discoverer
Shahzaib Ali Khan