Possible open redirect vulnerability #18

Closed
opened 2022-08-05 12:32:03 +00:00 by neri · 1 comment
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

When uploading an HTML document that includes a `<script>` the attacker can redirect to any website.

This isn't so bad, it just allows datatrash to be used as an unchecked link shortener, which should be avoided.

The fix would be to add a strict CSP to datatrash and make sure that no executable content will be served in such a way that the browser runs it.

Possible CSP fix: Only allow styles/scripts/etc from paths that belong to the application and are not uploaded files

Comment by neri (Author, Owner):

Hopefully fixed by setting `Content-Type: application/octet-stream` when the `Sec-Fetch-Mode` request header is set to something other than `navigate`.

neri closed this issue 2022-11-22 19:51:02 +00:00
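As an added example that is not part of the issue or of datatrash's own code, the two mitigations raised in this thread (the strict CSP scoped to the application's own asset path from the issue body, and the `Sec-Fetch-Mode` based `Content-Type` switch from the closing comment) written out as plain Python, so their effect on an uploaded HTML file with an inline redirecting script can be checked. The origin, the path prefixes, the treatment of a missing `Sec-Fetch-Mode` header, the `nosniff` header and every function name are assumptions for illustration; the upload is constructed to stand in for an attacker's file.

```python
"""Added example (not datatrash's own code): the two mitigations discussed in
this thread, a strict CSP limited to the application's own asset path and
serving uploads as application/octet-stream unless the request is a top-level
navigation, as plain functions whose behaviour can be checked offline.
Origin, paths and all names below are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

APP_ORIGIN = "https://datatrash.example"   # assumed origin
STATIC_PREFIX = "/static/"                 # assumed path for the app's own assets
UPLOAD_PREFIX = "/upload/"                 # assumed path uploads are served from

# Nothing loads unless listed; scripts and styles only from the app's static
# path (a path-scoped host source). 'self' is deliberately not used, since the
# upload directory is same-origin and 'self' would re-admit uploaded files.
# Sent on every response, uploads included.
STRICT_CSP = (
    "default-src 'none'; "
    f"script-src {APP_ORIGIN}{STATIC_PREFIX}; "
    f"style-src {APP_ORIGIN}{STATIC_PREFIX}; "
    f"img-src {APP_ORIGIN}{STATIC_PREFIX}; "
    "frame-ancestors 'none'"
)


@dataclass(frozen=True)
class Upload:
    path: str           # URL path the file is served at
    declared_type: str  # Content-Type recorded at upload time
    body: bytes


# Constructed upload of the kind the issue describes: an HTML document whose
# inline script sends the visitor to an arbitrary site.
MALICIOUS_UPLOAD = Upload(
    path=UPLOAD_PREFIX + "redirect.html",
    declared_type="text/html",
    body=(b"<!doctype html><html><body>"
          b"<script>location.href='https://attacker.invalid/landing'</script>"
          b"</body></html>"),
)


def response_headers(upload: Upload, sec_fetch_mode: Optional[str]) -> dict:
    """Headers for serving one upload, following the closing comment.

    Sec-Fetch-Mode: navigate -> the declared type; the CSP is then what keeps
    the browser from running anything embedded in the rendered document.
    Any other value -> application/octet-stream, so a <script src> or <link>
    that points at an upload receives a type the browser will not execute.
    A missing header (older browsers, curl) is treated like a non-navigation
    request here; that choice is an assumption, not something the thread states.
    """
    if sec_fetch_mode == "navigate":
        content_type = upload.declared_type
    else:
        content_type = "application/octet-stream"
    return {
        "Content-Type": content_type,
        "Content-Security-Policy": STRICT_CSP,
        # Added beyond the thread: disable MIME sniffing so the octet-stream
        # branch is honoured even for <script src> includes.
        "X-Content-Type-Options": "nosniff",
    }


def parse_csp(policy: str) -> dict[str, list[str]]:
    """Split a policy string into {directive: [source expressions]}."""
    directives: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives


def _host_source_matches(source: str, url: str) -> bool:
    """Simplified CSP host-source matching: a source whose path ends in '/'
    matches every URL under that path, otherwise the URL must match exactly."""
    return url.startswith(source) if source.endswith("/") else url == source


def script_allowed(policy: str, src_url: Optional[str] = None) -> bool:
    """Would this policy let a script run? src_url=None means an inline script.

    Covers only the subset of CSP matching needed here: script-src falling
    back to default-src, 'unsafe-inline' for inline code, and host sources
    for external scripts (quoted keyword sources are ignored for those).
    """
    csp = parse_csp(policy)
    sources = csp.get("script-src", csp.get("default-src", []))
    if src_url is None:
        return "'unsafe-inline'" in sources
    return any(_host_source_matches(s, src_url)
               for s in sources if not s.startswith("'"))


if __name__ == "__main__":
    for mode in ("navigate", "no-cors", None):
        print(mode, response_headers(MALICIOUS_UPLOAD, mode)["Content-Type"])
    print("inline script allowed:", script_allowed(STRICT_CSP))
    print("upload as script src allowed:",
          script_allowed(STRICT_CSP, APP_ORIGIN + MALICIOUS_UPLOAD.path))
```

Running the module prints the `Content-Type` chosen for a navigation, a `no-cors` subresource fetch and a request without the header, then whether the policy would run the inline script or an upload referenced via `<script src>`. One caveat for the navigate branch: CSP governs what a rendered document may load or execute, not an HTML-level redirect such as `<meta http-equiv="refresh">`, so with the declared `text/html` type the uploaded document itself is still rendered and what it may contain remains the upload handler's concern.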
Reference: neri/datatrash#18