API tools faq
paste
Advertisement
gersy

Untitled

gersy
Jul 14th, 2017
475
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.79 KB | None | 0 0
raw download clone embed print report
  1. Hi guys
  2.  
  3.  
  4.  
  5. First to be honest i'm not sure if this a real security concern , but i decided to report it anyway.
  6.  
  7.  
  8. When we request a resource that starts with `@` character over unencrypted http , your server at app.goodhire.com , redirects to a domain matching the source .
  9.  
  10. for example
  11.  
  12. ```http
  13. Get @evil.net HTTP/1.1
  14. Host: app.goodhire.com
  15. ```
  16.  
  17. **Markdown may change the format because of special syntax, check the screenshot**
  18.  
  19. Response will be :
  20.  
  21. ```http
  22. HTTP/1.0 301 Moved Permanently
  23. Location: https://app.goodhire.com@evil.net
  24. ```
  25.  
  26. The `https://app.goodhire.com@evil.net` is not your domain , so this might not be widely exploitable , but i beleive this is not an ideal behaviour and requires a fix as it may have another consequences like impacting your cache.
  27.  
  28.  
  29. Regards
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!