This patch was also vulnerable ;)

As the regex ended with `$`, we could bypass it with a newline, then `/../../..` + raw gist

github.com/thepracticaldev/dev.to/...

This was fixed by using `\A` and `\Z` instead of `^` and `$`!
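The anchor difference described in the comment above, as an added Ruby example that is not part of the comment and not the dev.to code. The gist-URL pattern, the helper names and the inputs are hypothetical and constructed for illustration; the example also covers `\z`, which goes one step beyond the comment, because `\Z` still matches before a single trailing newline.

```ruby
# Added example: hypothetical validator, not the dev.to implementation.
# Assumed allow-list shape: https://gist.github.com/<user>/<hex id>
BODY = 'https://gist\.github\.com/[\w-]+/\h+'

# ^ and $ anchor at every line boundary, so only one line has to match.
LINE_ANCHORED   = Regexp.new("^#{BODY}$")
# \A anchors at the start of the string; \Z at the end, or just before one final "\n".
STRING_ANCHORED = Regexp.new("\\A#{BODY}\\Z")
# \z anchors only at the true end of the string.
STRICT_ANCHORED = Regexp.new("\\A#{BODY}\\z")

# Constructed inputs (not taken from the page).
SAMPLES = {
  clean: "https://gist.github.com/alice/0123abcd",
  second_line: "https://gist.github.com/alice/0123abcd\n/../../../example",
  trailing_newline: "https://gist.github.com/alice/0123abcd\n",
}

def accepts?(pattern, input)
  pattern.match?(input)
end

# Returns, per sample, which of the three patterns accept the whole input.
def verdicts
  SAMPLES.transform_values do |input|
    {
      line: accepts?(LINE_ANCHORED, input),
      string: accepts?(STRING_ANCHORED, input),
      strict: accepts?(STRICT_ANCHORED, input),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  verdicts.each { |name, result| puts format("%-17s %s", name, result) }
end
```

Only the line-anchored pattern accepts the two-line input; the `\A`/`\Z` form rejects it but still accepts a value with one trailing newline, which matters if the validated string is later used unstripped.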