Skip to content

Normalization of url cause an ssrf security bypass #7315

Description

@HackingRepo

Hello,

I noticed by example when i pass https:google.com auto fixed to https://google.com that lead to an SSRF bypass for WAFs and filters and security measures on swisskyrepo/PayloadsAllTheThings#809.

I suggest to throw an exception instead of auto fix, Never try to fix user input instead suggest the fix by example the error will be

Invalid url `https:google.com/`, Did you mean `https://google.com/` the two slaces must come first after the protocol followed by :

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue::bugThis issue is related to a bug that requires fixing

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions