[Bug]: Server-side request forgery vulnerability reported on POST, location: HEADER #538
Comments
Could you provide the complete method pool information? It can be found from the field "method_pool" in the table "iast_agent_method_pool" of the database. Please remember to obfuscate any sensitive information.
iast_agent_method_pool.txt
What is the JDK version for this project? method
Has it already been confirmed to be a false positive?
Preflight Checklist
Version
1.12.0
Installation Type
Official Kubernetes
Service Name
DongTai-Web
Describe the details of the bug and the steps to reproduce it
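According to the call chain, the x-forwarded-for parameter is shown as an SSRF injection point. I copied the request from DongTai into Burp and resent it, and found that I still get a response after deleting the x-forwarded-for parameter. Is this a false positive?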
Additional Information
No response
Logs
No response