Wednesday 5 July 2017

Dropbox open redirect - Misconfigured Regex

After reading Geekboy's blog post:, I was reminded of a similar issue (same root cause) that I had found at Dropbox.

The bug I found was an open redirect at .

Note that:

  • Changing "cont" to any domain didn't work.

I then checked with, and it worked.

So what could be the root cause of this bug?

The only possible cause I can think of is a misconfigured regex.
For the sake of better understanding, let's consider a simple vulnerable regex:
  • The regex /dropbox\.com$/ is unanchored at the start, so it matches any host that merely ends in dropbox.com, i.e. {anything}dropbox.com.
  • In Geekboy's case, the regex could be similar to /^www\.site\.com/, which is unanchored at the end and can therefore be bypassed with www.site.com{anything}.
Both cases can be fixed by anchoring the regex with both ^ and $:
  • /^dropbox\.com$/
  • /^www\.site\.com$/
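As an added example (not code from the original post), the two unanchored regexes above beside their anchored fixes, run over a few constructed redirect targets; the hostnames are made up for illustration and the host is taken from the parsed URL rather than the raw parameter string.

```javascript
// Added example: unanchored allow-list regexes from the post vs. their anchored fixes.
const VULNERABLE = {
  dropbox: /dropbox\.com$/,     // no ^: any host ending in "dropbox.com" passes
  site: /^www\.site\.com/,      // no $: any host starting with "www.site.com" passes
};

const FIXED = {
  dropbox: /^dropbox\.com$/,    // anchored at both ends: exact host only
  site: /^www\.site\.com$/,
};

// Extract the host from a redirect target. Relative or unparsable values
// return null so they are never mistaken for an allowed host.
function hostOf(target) {
  try {
    return new URL(target).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// True when the target's host matches the given allow-list regex.
function isAllowed(target, regex) {
  const host = hostOf(target);
  return host !== null && regex.test(host);
}

// Constructed targets: two legitimate hosts and the two bypass shapes the post describes.
const TARGETS = [
  "https://dropbox.com/home",
  "https://evildropbox.com/",            // suffix bypass of /dropbox\.com$/
  "https://www.site.com/login",
  "https://www.site.com.evil.example/",  // prefix bypass of /^www\.site\.com/
];

// Evaluate every target against a rule set; returns { target: allowed }.
function evaluate(rules) {
  const out = {};
  for (const t of TARGETS) {
    out[t] = isAllowed(t, rules.dropbox) || isAllowed(t, rules.site);
  }
  return out;
}

console.log("vulnerable:", evaluate(VULNERABLE));
console.log("fixed:", evaluate(FIXED));
```

With VULNERABLE both bypass targets are allowed; with FIXED only the two exact hosts are.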

While looking for bypasses, always check:
  • validdomain.victim.comevil
