Back to directory
WRITEUP #1533

Escaping misconfigured VSCode extensions

XSSPath traversalDNS rebindingHTML injectionWebviewCSP bypass
byVasco Franco
Bounty
7,500
Program
Microsoft (SARIF viewer & Live Preview)
Published
Feb 21, 2023
Added to HackDex
Feb 22, 2023
Read Full Writeuphttps://blog.trailofbits.com/2023/02/21/vscode-extension-escape-vulnerability/
RELATED WRITEUPS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass
Type confusion attacks in ProseMirror editors
XSSType confusion
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal
Self-XSS to ATO via Site Features
XSSSelf-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS

Built with ❤️ by Shubham Rawat