re: Pwned Together: Hacking dev.to


This patch was also vulnerable ;)

As the regex ended with $, we could bypass it with a newline, then /../../.. + raw gist

github.com/thepracticaldev/dev.to/...

This was fixed by using \A and \Z instead of ^ and $!

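The anchor behaviour the comment above describes, as an added example that is not part of the original comment or of dev.to's code. The gist-link pattern, the helper names and the sample inputs are assumptions constructed for illustration.

```ruby
# Hypothetical gist-link pattern (an assumption, not dev.to's actual regex).
BODY = 'https://gist\.github\.com/[\w-]+/\h+'

PATTERNS = {
  line:     Regexp.new("^#{BODY}$"),     # ^ / $ anchor at every line boundary
  string_Z: Regexp.new("\\A#{BODY}\\Z"), # \Z still allows one trailing "\n"
  string_z: Regexp.new("\\A#{BODY}\\z")  # \z is the strict end of the string
}.freeze

# Report which anchor styles accept the given input.
def verdicts(input)
  PATTERNS.transform_values { |re| re.match?(input) }
end

# Lint helper (hypothetical): flag validation regexes that use line anchors,
# so they can be reviewed and moved to \A ... \z.
def line_anchored?(regex)
  src = regex.source
  src.start_with?("^") || (src.end_with?("$") && !src.end_with?("\\$"))
end

# Constructed sample inputs.
CLEAN       = "https://gist.github.com/user/0123abcd"
TRAILING_NL = CLEAN + "\n"
MULTILINE   = CLEAN + "\n/../../constructed-second-line"

if __FILE__ == $PROGRAM_NAME
  { "clean" => CLEAN, "trailing newline" => TRAILING_NL,
    "multi-line" => MULTILINE }.each do |label, input|
    puts "#{label}: #{verdicts(input)}"
  end
  PATTERNS.each do |name, re|
    puts "#{name} uses line anchors: #{line_anchored?(re)}"
  end
end
```

Only the line-anchored pattern accepts the multi-line input; `\Z` rejects it but still accepts a single trailing newline, which `\z` does not.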