Gitlab.com handles directory names that contain "#" incorrectly
HackerOne report #789394 by cccaaasser
on 2020-02-05, assigned to @dcouture:
Summary
Gitlab.com misunderstands the # symbol. If anyone creates a directory whose name contains #, nothing after that character is processed: the # is placed unencoded in the link, so the browser treats the rest of the name as a URL fragment. With this issue an attacker can create a fake directory to trick other contributors into editing a file in the wrong location.
Steps to reproduce
- Create a new file and directory. In this case the directory is named FirstDirectory.
- Go back to the root path and create a new directory with the same name as the previous one, but with # appended (FirstDirectory#).
- Check the files in FirstDirectory: you will see it contains only test.md.
Examples
You can see the example at: https://gitlab.com/cccaaasser/test-sharp
What is the current bug behavior?
Click the FirstDirectory# directory and it browses to https://gitlab.com/cccaaasser/test-sharp/-/tree/master/FirstDirectory#
What is the expected correct behavior?
Click the FirstDirectory# directory and it must browse to https://gitlab.com/cccaaasser/test-sharp/-/tree/master/FirstDirectory%23
Output of checks
This bug happens when creating a project on Gitlab.
Tested On
Google Chrome Version 80.0.3987.87
Note: this bug may be out of scope, but it can trick any user on the internet by redirecting them to a different directory.
Impact
An attacker can create a fake directory that redirects other contributors to edit a file in the wrong location without noticing.
Attachments