You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By design the ping module is subject to an information disclosure vulnerability. If even if the administrator of a CloudBot has it's IP address hidden by a hostmask, you can put up a firewall on your box that logs the ICMP protocol, then you .ping yourserver.com with CloudBot; it's IP will appear in your firewall logs. The only way around this 'bug' that i can devise while keeping the ping module would be to ping over a VPN or through some type of proxy that can handle ICMP, but it would be easiest just to remove it from sensitive applications imo.
The text was updated successfully, but these errors were encountered:
By design the ping module is subject to an information disclosure vulnerability. If even if the administrator of a CloudBot has it's IP address hidden by a hostmask, you can put up a firewall on your box that logs the ICMP protocol, then you
.ping yourserver.comwith CloudBot; it's IP will appear in your firewall logs. The only way around this 'bug' that i can devise while keeping the ping module would be to ping over a VPN or through some type of proxy that can handle ICMP, but it would be easiest just to remove it from sensitive applications imo.The text was updated successfully, but these errors were encountered: