
Verify external social media meta tags

Open dubs3c opened this issue 6 years ago • 2 comments

I'm somewhat sure that there may exist certain injection attacks via meta tag handling, investigate further.

dubs3c avatar Apr 10 '19 19:04 dubs3c

  • XSS doesn't work
  • XSS via .svg files doesn't seem to work

dubs3c avatar Apr 13 '19 21:04 dubs3c

It could be possible to use links such as http://127.0.0.1, http://localhost and http://169.254.169.254. However, Bookie will first check if the submitted URL is a valid URL, which will fail for IP addresses and URLs with no top-level domain (e.g. .com). Even so, I added the following method to check URLs: https://github.com/mjdubell/Bookie/commit/e33e33f5169586a158103af985c93a7bbd38d6b4#diff-d38f7d5f7a2c7bcfb03b47cd27610b10R89

It should be possible to perform a DNS rebinding attack, e.g. extract meta information from the droplet's internal API, http://169.254.169.254. However, in the context of Digital Ocean, there doesn't seem to be any secrets that can be exposed, like in AWS.

dubs3c avatar Oct 02 '19 12:10 dubs3c
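The URL check discussed in the thread (reject literal IPs and hosts without a top-level domain) and the DNS rebinding caveat, as an added example that is not Bookie's own code or the linked commit: the validator resolves the hostname and rejects any loopback, private or link-local record, then hands back the vetted addresses so the fetcher can connect to them directly instead of resolving again. The `FAKE_DNS` table and the `.test` hostnames are constructed stand-ins so the example runs offline; a real implementation would resolve with `socket.getaddrinfo()`.

```python
import ipaddress
from typing import Callable, List, Optional
from urllib.parse import urlsplit

# Constructed stand-in for DNS: hostname -> list of A/AAAA records.
# Keeps the example offline; a real validator would call socket.getaddrinfo().
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "cloud-metadata.test": ["169.254.169.254"],     # link-local metadata address from the issue
    "rebinder.test": ["93.184.216.34", "127.0.0.1"],  # external name that also carries a loopback record
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def is_disallowed_ip(addr: str) -> bool:
    """True for addresses a bookmark fetcher must never talk to."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_url(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> Optional[List[str]]:
    """Return the vetted IP addresses for url, or None if the URL must be rejected.

    Rejects non-http(s) schemes, literal IP hosts, hosts without a dot (no TLD),
    and any hostname with at least one loopback/private/link-local record.
    The caller should connect to one of the returned addresses directly (sending
    the original Host header) rather than resolving the name a second time;
    otherwise a DNS rebinding attacker can swap the record between check and fetch.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        return None  # literal IPv4/IPv6 host: reject outright
    except ValueError:
        pass
    if "." not in host.strip("."):
        return None  # bare names such as "localhost" have no top-level domain
    addrs = resolve(host)
    if not addrs or any(is_disallowed_ip(a) for a in addrs):
        return None  # unresolvable, or at least one record points inside the network
    return addrs
```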