CVEs-PoC/2017/CVE-2017-6199.md

CVE-2017-6199

Description

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

POC

Reference

• https://github.com/sandstorm-io/sandstorm/blob/v0.202/shell/packages/sandstorm-db/db.js#L1112
• https://sandstorm.io/news/2017-03-02-security-review

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/lnick2023/nicenice
• https://github.com/qazbnm456/awesome-cve-poc
• https://github.com/xbl3/awesome-cve-poc_qazbnm456