
Initially JavaScript was being escaped with their WAF.

The second POC demonstrated the ability to evade both their WAF and XSS_Auditor.

Their development team then verified the ability to execute arbitrary JavaScript from any *.cloudfront.net host.

That's pretty much the whole story.




Could you make an alert(1) or not?

If you couldn't, it's plausible the non-security developers incorrectly speculated it was possible?


Now I'm starting to wonder the same thing; *.cloudfront.net is not Uber.



