BugCrowd Bug Bounty Disclosure: P5 – RTLO Injection leads to URi Spoofing – By nt3c

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.

Program


Program Information

asana

asana

Details


Additional Information

  • Priority: P5

t was possible to perform RTLO Injection (Right To Left Override Injection). This technique takes advantage of \u202E, a non-printing Unicode character that causes the text that follows it to be displayed in reverse it is commonly used to disguise a string and/or file name and/or url to make it appear benign and to bypass security defences.

Submitted By


Submitter Information

  • Hacker Points: N/A
  • Hacker Accuracy: N/A
  • Hacker Rank: N/A

N/A