- Author: Alexander Menshchikov (n0str)
- Language: Python
- Ideas: Path traversal in consul; Base64 collisions
- Bugs: Unsanitized variables pass to the consul request; Check an ownership of article by base64, but used resource by its decoded value
-
Tagin/searchrequest goes unsanitized -
You can add article with another base64 article id, which would be decoded to the other's
article_idused by/getCommentsaction