BugCrowd Bug Bounty Disclosure: P5 – RTLO Injection leads to URi Spoofing – By nt3c

June 2, 2022

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.

Program

Program Information

asana

asana

Program Details

Details

Additional Information

  • Priority: P5

t was possible to perform RTLO Injection (Right To Left Override Injection). This technique takes advantage of \u202E, a non-printing Unicode character that causes the text that follows it to be displayed in reverse it is commonly used to disguise a string and/or file name and/or url to make it appear benign and to bypass security defences.

Full Report (Source)

Submitted By

Submitter Information

  • Hacker Points: N/A
  • Hacker Accuracy: N/A
  • Hacker Rank: N/A

N/A

Submitter Profile

You may have missed

image 1

CVE Alert: CVE-2024-9511

November 24, 2024
image 1

CVE Alert: CVE-2024-11446

November 24, 2024
image 1

CVE Alert: CVE-2024-9635

November 24, 2024
image 1

CVE Alert: CVE-2024-11330

November 24, 2024
image 1

CVE Alert: CVE-2024-9659

November 24, 2024