search

Dineshkarthik / Send2Kindle

A Python mailer specifically crafted for FreeTamilEbooks users to add ebooks directly to their kindle device.
http://freetamilebooks.com
MIT License
5 stars 3 forks source link

SSRF vulnerability #1

Closed abuvanth closed 5 years ago

abuvanth commented 5 years ago

I found SSRF vulnerability on this line

https://github.com/Dineshkarthik/Send2Kindle/blob/ca1dd9ee848405ceff5a563bcd306968f897d396/mailer.py#L48

Fix as soon as possible.

abuvanth commented 5 years ago

https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

abuvanth commented 5 years ago

Please whitelist http:freetamilebooks.com in mailer.py