upgrade Aspen on inside.gratipay.com to pick up CR injection fix

Disclosed: 2017-03-22 22:31:09 By valievkarim To gratipay
High
Vulnerability Details
1) Using IE11, open DevTools and start network capture
2) visit the following URL: http://inside.gratipay.com/assets/%0dSet-Cookie:%20qwe=qwe%0dq
3) find a 'qwe' cookie set in the response

There is a 0x0d character injected, which can be used as a header delimiter in IE. To see this behaviour using Curl, you can use the following command:

curl -s -v 'http://inside.gratipay.com/assets/%0dSet-Cookie:%20qwe=qwe%0dq' 2>&1|less

Screenshots of Curl output and DevTools are attached.
Report Stats
  • Report ID: 143139
  • State: Closed
  • Substate: resolved
  • Upvotes: 8
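
Added example (not part of the original report and not Aspen's code): a header-value check that rejects a bare 0x0d, shown beside a weaker check that only looks for the CRLF pair. The helper names, the "Location" header and the idea that the decoded request path is reflected into a header are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample: the request path from the report above.
SAMPLE_PATH = "/assets/%0dSet-Cookie:%20qwe=qwe%0dq"
DECODED = unquote(SAMPLE_PATH)

# Characters that must never reach a header value. CR is checked on its own
# because a lone 0x0d is enough for a client that treats it as a delimiter.
FORBIDDEN = ("\r", "\n", "\x00")


def naive_is_safe(value):
    """Weak check: looks only for the CRLF pair, so a bare CR passes."""
    return "\r\n" not in value


def strict_is_safe(value):
    """Reject CR, LF and NUL individually."""
    return not any(ch in value for ch in FORBIDDEN)


def lines_seen_by_cr_tolerant_client(value):
    """Model a parser that accepts CRLF, bare CR or bare LF as a line end."""
    return re.split(r"\r\n|\r|\n", value)


def safe_header(name, value):
    """Hypothetical helper: return a header tuple or refuse to build it."""
    if not strict_is_safe(name) or not strict_is_safe(value):
        raise ValueError("control character in header %r" % name)
    return (name, value)


if __name__ == "__main__":
    print("naive check passes:", naive_is_safe(DECODED))
    print("strict check passes:", strict_is_safe(DECODED))
    print("CR-tolerant client sees:", lines_seen_by_cr_tolerant_client(DECODED))
    try:
        safe_header("Location", DECODED)
    except ValueError as exc:
        print("rejected:", exc)
```

The same per-character check belongs at the point where headers are serialized, so that every code path that sets a header passes through it.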