DEV Community

Discussion on: Pwned Together: Hacking dev.to

Antony Garand Author

This patch was also vulnerable ;)

As the regex ended with $, we could bypass it with a newline, then /../../.. + raw gist

github.com/thepracticaldev/dev.to/...

This was fixed by using \A and \Z instead of ^ and $!
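
The anchor behaviour discussed in the comment above, as an added example that is not part of the original comment or of dev.to's code. The gist pattern and the sample inputs are constructed for illustration; the example also includes Ruby's `\z`, which, unlike `\Z`, does not accept a final newline.

```ruby
# Added example: Ruby regex anchors on a link validator.
# GIST_BODY is a hypothetical pattern constructed for illustration,
# not the regex dev.to used.
GIST_BODY = %r{https://gist\.github\.com/[\w\-]+/\h+}

PATTERNS = {
  line_anchored:   /^#{GIST_BODY}$/,   # ^ and $ match at any line boundary
  string_anchored: /\A#{GIST_BODY}\Z/, # whole string, but allows one final "\n"
  strict_anchored: /\A#{GIST_BODY}\z/  # whole string, nothing after the match
}.freeze

# Constructed sample inputs.
CLEAN       = "https://gist.github.com/example-user/0123456789abcdef"
MULTILINE   = "#{CLEAN}\n/../../../constructed-suffix"
TRAILING_NL = "#{CLEAN}\n"

# Returns { pattern_name => true/false } for one input.
def anchor_report(input)
  PATTERNS.transform_values { |re| re.match?(input) }
end

# Validation that does not depend on anchor choice alone: reject any
# control character (newline included) before matching the whole string.
def valid_gist_link?(input)
  return false if input.match?(/[[:cntrl:]]/)
  PATTERNS[:strict_anchored].match?(input)
end

if __FILE__ == $PROGRAM_NAME
  { clean: CLEAN, multiline: MULTILINE, trailing_nl: TRAILING_NL }.each do |name, input|
    puts "#{name}: #{anchor_report(input)} valid=#{valid_gist_link?(input)}"
  end
end
```

The line-anchored pattern accepts the multi-line input because its first line matches on its own; the string-anchored patterns reject it.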