sandbox-escape

2 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10
0
Handlebars Tempelate Injection and RCE
vulnerability

A researcher discovered a zero-day Server-Side Template Injection (SSTI) vulnerability in the Handlebars template engine used in Shopify's Return Magic app, achieving Remote Code Execution by exploiting Object.prototype methods and the Function constructor to bypass sandbox restrictions. The exploit leverages the 'with' helper and Object.prototype.defineProperty() to inject arbitrary code through email workflow templates.

template-injection server-side-template-injection remote-code-execution rce handlebars javascript nodejs sandbox-escape prototype-pollution object-prototype shopify vulnerability zero-day
Handlebars Shopify Return Magic HackerOne H1-514 Synack TrendMicro Matias
mahmoudsec.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Responsible Disclosure breaking out of a sandboxed editor to perform RCE
bug-bounty

A researcher discovered a sandbox escape vulnerability in HackerEarth's Theia IDE that allowed remote code execution by accessing the disabled terminal through VS Code's 'Task: Run selected text' command. The exploit enabled reading AWS credentials, SSL certificates, and other sensitive system files from the underlying infrastructure.

sandbox-escape remote-code-execution rce ide-security theia-ide vs-code responsible-disclosure aws-credentials metadata-service ecs-metadata ssl-certificate-exposure terminal-access privilege-escalation file-read git-metadata bug-bounty
HackerEarth Theia IDE VS Code Jatin Dhankhar Puma Scan AWS ECS
jatindhankhar.in · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details