Find a way around SSRF protections by WordPress plus plugins

fediverse-devnet / feditest

A testing framework for distributed, heterogeneous systems communicating with complex protocols, such as the Fediverse

https://feditest.org/

MIT License

32 stars 6 forks source link

Find a way around SSRF protections by WordPress plus plugins #367

Open jernst opened 11 hours ago

jernst commented 11 hours ago

It seems to be activated in wp_safe_remote_get in wp-includes/http.php and things like WebFinger lookup invoke this with the default arguments, which is to check for SSRF, and of course reasonable but cannot be easily overridden.

jernst commented 11 hours ago

Once done, make smoke test work: mastodon_api_mastodon_api.session.json with wordpress_mastodon.ubos.constellation.json