Vulnerability: Domain whitelist/blacklist checking is done via regex, can be bypassed
justinsteven opened this issue · 1 comments
justinsteven commented
safecurl/src/fin1te/SafeCurl/Options.php
Lines 210 to 216 in a7c3d70
This is presumably to make the matching case-insensitive.
It introduces a bypass, in that each blacklisted/whitelisted domain name is treated as a regex. Domains almost always include the . character, which is a regex metacharacter.
For example, a domain whitelist of ['accounts.google.com'] would allow requests to https://accountszgoogle.com
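The bypass reported above, next to two ways of closing it, as an added PHP example that is not SafeCurl's own code. The unescaped pattern form and all function names are assumptions, and the host list is constructed around the domains named in the issue.

```php
<?php
declare(strict_types=1);

// Flawed form the issue describes: the list entry itself is used as the regex,
// so every "." in it matches any single character. (Assumed form, not SafeCurl's code.)
function matchesAsRegex(string $host, array $list): bool
{
    foreach ($list as $domain) {
        if (preg_match('/^' . $domain . '$/i', $host) === 1) {
            return true;
        }
    }
    return false;
}

// Fix 1: no regex at all; compare lower-cased strings literally.
function matchesExact(string $host, array $list): bool
{
    return in_array(strtolower($host), array_map('strtolower', $list), true);
}

// Fix 2: keep the regex, but escape metacharacters with preg_quote() and anchor
// with \A and \z, because "$" also matches just before a trailing newline.
function matchesQuoted(string $host, array $list): bool
{
    foreach ($list as $domain) {
        if (preg_match('/\A' . preg_quote($domain, '/') . '\z/i', $host) === 1) {
            return true;
        }
    }
    return false;
}

$whitelist = ['accounts.google.com'];   // entry taken from the issue text
$hosts = [                              // constructed test hosts
    'accounts.google.com',
    'ACCOUNTS.GOOGLE.COM',
    'accountszgoogle.com',              // look-alike named in the issue
];

foreach ($hosts as $host) {
    printf("%-22s regex=%s exact=%s quoted=%s\n", $host,
        var_export(matchesAsRegex($host, $whitelist), true),
        var_export(matchesExact($host, $whitelist), true),
        var_export(matchesQuoted($host, $whitelist), true));
}
```

Both fixes keep the case-insensitive behaviour while rejecting the look-alike host that the unescaped pattern accepts.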