Invicti detected a Server-Side Request Forgery (SSRF) based on pattern matching and confirmed the vulnerability using specific ELMAH-related requests.
This vulnerability can leak highly sensitive data about current sessions, including:
- Session cookies
- Session state
- Query string and post variables
- Physical path of the requested file
- Where possible, do not use user input to build URLs.
- If you definitely need dynamic URLs, use whitelisting: make a list of valid, accepted URLs and do not accept any other URL.
- Ensure that you only accept URLs located on trusted domains.
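As an added example (not code from the Invicti report), the allowlist check described in the list above, written in C# for an ASP.NET application; the host names in the allowlist are assumed placeholders:

```csharp
using System;
using System.Collections.Generic;

// Added example: validate a user-supplied URL against an allowlist before the
// server makes any outbound request with it.
public static class OutboundUrlPolicy
{
    // Assumed allowlist: only these exact hosts may be fetched.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "api.example.com",
            "cdn.example.com",
        };

    // Returns the validated absolute URL, or null if the input is rejected.
    public static Uri Validate(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
            return null;

        // Only absolute URLs; relative input could resolve against an internal base.
        if (!Uri.TryCreate(input, UriKind.Absolute, out Uri uri))
            return null;

        // Only HTTP(S) is expected here; reject file:, ftp: and other schemes.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
            return null;

        // "user@host" forms confuse naive host checks, so refuse them outright.
        if (!string.IsNullOrEmpty(uri.UserInfo))
            return null;

        // Exact host match against the allowlist: no substring or suffix
        // matching, so a host that merely contains an allowed name does not pass.
        if (!AllowedHosts.Contains(uri.Host))
            return null;

        // Pin the port so an allowed host cannot be used to reach another service.
        int expectedPort = uri.Scheme == Uri.UriSchemeHttps ? 443 : 80;
        if (uri.Port != expectedPort)
            return null;

        return uri;
    }
}
```

When the validated URL is fetched, also set AllowAutoRedirect = false on the HttpClientHandler, since a redirect issued by an allowed host would otherwise bypass this check.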
Add the following to the web.config file to disable remote access to ELMAH:

<appSettings>
    <add key="elmah.mvc.requiresAuthentication" value="true" />
    <add key="elmah.mvc.allowedRoles" value="Admin" />
</appSettings>