zlacker

[parent] [thread] 7 comments
1. booi+(OP)[view] [source] 2026-02-03 21:22:30
Where would this happen? I have never seen an API reflect a secret back but I guess it's possible? perhaps some sort of token creation endpoint?
replies(6): >>Tepix+d1 >>ptx+o1 >>tptace+o8 >>manana+tb >>tczMUF+SR >>saghm+Pu1
2. Tepix+d1[view] [source] 2026-02-03 21:28:21
>>booi+(OP)
HTTP Header Injection or HTTP Response Splitting is a thing.
3. ptx+o1[view] [source] 2026-02-03 21:29:32
>>booi+(OP)
How does the API know that it's a secret, though? That's what's not clear to me from the blog post. Can I e.g. create a customer named PLACEHOLDER and get a customer actually named SECRET?
replies(1): >>adastr+3T
4. tptace+o8[view] [source] 2026-02-03 22:05:51
>>booi+(OP)
It depends on where you allow the substitution to occur in the request. It's basically "the big bug class" you have to watch out for in this design.
5. manana+tb[view] [source] 2026-02-03 22:22:27
>>booi+(OP)
Say, an endpoint tries to be helpful and responds with “no such user: foo” instead of “no such user”. Or, as a sibling comment suggests, any create-with-properties or set-property endpoint paired with a get-propety one also means game over.

Relatedly, a common exploitation target for black-hat SEO and even XSS is search pages that echo back the user’s search request.

6. tczMUF+SR[view] [source] 2026-02-04 02:46:50
>>booi+(OP)
This is effectively what happened with the BotGhost vulnerability a few months back:

>>44359619

◧◩
7. adastr+3T[view] [source] [discussion] 2026-02-04 02:57:44
>>ptx+o1
This blog post is very clearly AI generated, so I’m not sure it knows either.
8. saghm+Pu1[view] [source] 2026-02-04 08:46:48
>>booi+(OP)
The point is that without semantic knowledge, there's no way of knowing whether the API actually considers it a secret. If you're using the Github API and have it listed as an approved host but the sandbox doesn't predefine which fields are valid or not to include the token, a malicious application could put the placeholder in the body of an API request making a public gist or something, which then gets replaced with the actual secret. In order to avoid this, the sandbox would need some way of enforcing which fields in the API itself are safe. For a widely used API like Github, this might be something built-in, but to support arbitrary APIs people might want to use, there would probably have to be some way of configuring the list of fields that are considered safe manually.

From various other comments in this thread though, it sounds like this is already well-established territory that past tools have explored. It's not super clear to me how much of this is actually implemented for Deno Sandboxes or not though, but I'd hope they took into account the prior art that seems to have already come up with techniques for handling very similar issues.

[go to top]