beucismis / ozgursozluk

Free alternative Ekşi Sözlük front-end
https://ozgursozluk.freedns.rocks
Do What The F*ck You Want To Public License

Base URL vulnerability #7

Closed furkan-bilgin closed 1 year ago

furkan-bilgin commented 1 year ago

The "eksi_sozluk_base_url" cookie can be set to any arbitrary URL by the client, causing the server to send requests to websites besides Ekşi Sözlük. This has the potential to be exploited in some way.

beucismis commented 1 year ago

This is correct. Maybe add a RegEx check for the URL. I am not sure. Any ideas other than removing it?

furkan-bilgin commented 1 year ago

Storing the base URL ID would be the safer option. Entrusting unsanitized URLs that our back-end uses to clients is never a good idea. One way of implementing that would be to store the URL's index that we are going to use, instead of the URL itself.
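The index-based approach described in this comment, shown as an added example that is not the project's own code: the cookie name `eksi_sozluk_base_url` comes from the issue, while the allowlist hostnames, the function names, and the defence-in-depth check before any outbound request are constructed for illustration. The vulnerable resolver is kept alongside the hardened one so the difference is visible: the first trusts whatever URL the client sends, the second only accepts an integer index into a server-side list and falls back to the default for anything else (non-numeric, negative, or out of range).

```python
"""Resolve the upstream base URL from a client cookie.

Shows the unsafe pattern from the issue (cookie carries a URL the back end
then requests) next to the safer pattern (cookie carries only an index into a
server-side allowlist). Hostnames below are constructed placeholders.
"""
from urllib.parse import urlsplit

COOKIE_NAME = "eksi_sozluk_base_url"  # cookie name taken from the issue

# Constructed allowlist; the project's real mirror list is not on the page.
BASE_URLS = (
    "https://mirror-a.example",
    "https://mirror-b.example",
)
DEFAULT_INDEX = 0


def resolve_base_url_unsafe(cookies: dict) -> str:
    """Vulnerable pattern: the URL in the cookie is used as-is, so a client can
    point the server's outbound requests at any host it likes."""
    return cookies.get(COOKIE_NAME, BASE_URLS[DEFAULT_INDEX])


def resolve_base_url(cookies: dict) -> str:
    """Hardened pattern: the cookie holds only an index into BASE_URLS.
    Anything that is not a valid index silently falls back to the default."""
    raw = cookies.get(COOKIE_NAME, "")
    try:
        index = int(raw)
    except (TypeError, ValueError):  # not an integer at all (e.g. a URL)
        return BASE_URLS[DEFAULT_INDEX]
    if not 0 <= index < len(BASE_URLS):  # negative or past the end of the list
        return BASE_URLS[DEFAULT_INDEX]
    return BASE_URLS[index]


def is_allowed_upstream(url: str) -> bool:
    """Defence-in-depth check (hypothetical helper) run before any outbound
    request: the scheme must be https and the host must exactly match an
    allowlisted base, so a bug elsewhere cannot turn the fetcher into a proxy."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        return False
    return any(urlsplit(base).netloc == parts.netloc for base in BASE_URLS)


def build_entry_url(cookies: dict, path: str) -> str:
    """Compose the full upstream URL for a request path using the safe resolver."""
    base = resolve_base_url(cookies)
    if not is_allowed_upstream(base):
        raise RuntimeError("refusing to contact non-allowlisted upstream: " + base)
    return base + "/" + path.lstrip("/")


if __name__ == "__main__":
    # Constructed hostile cookie: an internal-looking URL instead of an index.
    hostile = {COOKIE_NAME: "http://internal-service.example:8080/"}
    print("unsafe resolver would contact:", resolve_base_url_unsafe(hostile))
    print("safe resolver contacts:       ", resolve_base_url(hostile))
    print("valid index 1 contacts:       ", resolve_base_url({COOKIE_NAME: "1"}))
    print("entry URL:", build_entry_url({COOKIE_NAME: "1"}, "/entry/1"))
```

With the index scheme the client can only choose among URLs the operator configured; the allowlist never leaves the server, so there is nothing to sanitise on the way back in. The exact-host comparison in `is_allowed_upstream` also rejects look-alike hosts such as `mirror-a.example.attacker.example`, which a prefix match on the string would accept.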

beucismis commented 1 year ago

Thanks. Commit: 84816d3