Possible open redirect vulnerability #18

New Issue

Closed

opened 2022-08-05 12:32:03 +00:00 by neri · 1 comment

neri commented

2022-08-05 12:32:03 +00:00

Owner

https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

When uploading an html document that includes a <script> the attacker can redirect to any website.

This isn't so bad, it just allows datatrash to be used as an unchecked link shortener, which should be avoided.

The fix would be to add a strict CSP to datatrash and make sure that no executable content will be served in such a way that the browser runs it.

Possible CSP fix: Only allow styles/scripts/etc from paths that belong to the application and are not uploaded files

https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html When uploading an html document that includes a `<script>` the attacker can redirect to any website. This isn't so bad, it just allows datatrash to be used as an unchecked link shortener, which should be avoided. The fix would be to add a strict CSP to datatrash and make sure that no executable content will be served in such a way that the browser runs it. Possible CSP fix: Only allow styles/scripts/etc from paths that belong to the application and are not uploaded files

neri commented

2022-11-22 19:51:00 +00:00

Author

Owner

Hopefully fixed by setting Content-Type: application/octet-stream when the Sec-Fetch-Mode request header is set to something other than navigate.

Hopefully fixed by setting `Content-Type: application/octet-stream` when the `Sec-Fetch-Mode` request header is set to something other than `navigate`.

neri closed this issue

2022-11-22 19:51:02 +00:00

No Label

No Milestone

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: neri/datatrash#18

No description provided.