Information Disclosure vulnerability in ping.py module #285
Description
By design the ping module is subject to an information disclosure vulnerability. If even if the administrator of a CloudBot has it's IP address hidden by a hostmask, you can put up a firewall on your box that logs the ICMP protocol, then you .ping yourserver.com with CloudBot; it's IP will appear in your firewall logs. The only way around this 'bug' that i can devise while keeping the ping module would be to ping over a VPN or through some type of proxy that can handle ICMP, but it would be easiest just to remove it from sensitive applications imo.