DEV Community


Discussion on: Pwned Together: Hacking

Nicolas Verdier • Edited

Nice finding Antony,
For your information, the latest commit was still exploitable :) Here is the PoC to bypass the regex: /../9fc83e8bc780e5c10739933ec3347460/raw/b46eef9822a00473f720680ed664873c3e20af9f/test.js" (the trick is to use /../)
and the fix implemented:

Antony Garand Author

This patch was also vulnerable ;)

As the regex ended with $, we could bypass it with a newline, then /../../.. + the raw gist.

This was fixed by using \A and \Z instead of ^ and $!
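The two bypasses above hinge on how regex anchors behave in Ruby (dev.to is a Rails app): ^ and $ are line anchors, so $ matches right before an embedded newline and everything after the newline goes unchecked, while the browser later strips the newline out of the script URL and collapses the /../ segments, landing on the attacker's raw gist. The following is an added example written for this thread, not dev.to's own code: the real gist regex is not shown here, so the GIST pattern, the user/ID layout and the sample URLs are assumptions modelled on the comments, and browser_fetch_target is a simplified model of the URL-spec behaviour, not a real browser.

```ruby
require "uri"

# Assumed shape of a gist URL for this example: <user>/<32 hex digits>.
# (The real validator's pattern is not on the page; this is a stand-in.)
GIST = %r{https://gist\.github\.com/[\w-]+/[0-9a-f]{32}}

# The "patched" check described in the thread: anchored with ^ and $.
# In Ruby these are LINE anchors, so $ also matches just before an embedded "\n".
LINE_ANCHORED   = /^#{GIST}$/

# The fix: \A is the start of the string, \z the absolute end of the string.
STRING_ANCHORED = /\A#{GIST}\z/

# \Z (capital) is subtly weaker: it still matches before one trailing "\n".
# That blocks the payload in this thread (bytes follow the newline) but
# lets a bare trailing newline through, so \z is the safer choice.
UPPER_Z_ANCHORED = /\A#{GIST}\Z/

def passes_line_anchored?(url)
  LINE_ANCHORED.match?(url)
end

def passes_string_anchored?(url)
  STRING_ANCHORED.match?(url)
end

def passes_upper_z?(url)
  UPPER_Z_ANCHORED.match?(url)
end

# RFC 3986 dot-segment removal, simplified to what this example needs
# (no special handling of a trailing "." or ".."). The leading "" keeps the root.
def remove_dot_segments(path)
  out = []
  path.split("/", -1).each do |seg|
    case seg
    when "."  then next
    when ".." then out.pop if out.size > 1
    else out << seg
    end
  end
  out.join("/")
end

# Model of what a browser does with a <script src> value: the URL spec strips
# ASCII tab/newline from the input before parsing, then resolves "." and "..".
def browser_fetch_target(src)
  u = URI.parse(src.delete("\t\n\r"))
  u.path = remove_dot_segments(u.path)
  u.to_s
end

# Constructed sample values (not real gists).
VICTIM_GIST  = "https://gist.github.com/alice/" + ("a" * 32)
ATTACKER_RAW = "/../../../mallory/" + ("b" * 32) + "/raw/" + ("c" * 40) + "/test.js"

# Newline bypass from the thread: a valid-looking gist URL, "\n", then
# /../../.. + the attacker's raw gist path.
NEWLINE_PAYLOAD = VICTIM_GIST + "\n" + ATTACKER_RAW

if __FILE__ == $0
  puts "line-anchored (^ $) accepts payload:    #{passes_line_anchored?(NEWLINE_PAYLOAD)}"
  puts "string-anchored (\\A \\z) accepts payload: #{passes_string_anchored?(NEWLINE_PAYLOAD)}"
  puts "browser would fetch:                     #{browser_fetch_target(NEWLINE_PAYLOAD)}"
end
```

Run as-is to see the ^/$ check accept the newline payload while \A/\z rejects it, and to see the URL a browser would actually fetch after dropping the newline and collapsing the /../ segments: a path under mallory's gist, not alice's. The \Z variant is shown separately because the fix in the thread names \Z; it stops this particular payload, but \z is the anchor that refuses any trailing byte at all.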