Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Homograph attack #13920
Hello Kraken, I have found another interesting bug in the API key's list.
Bug: Homograph attack.
Description: Please refer https://en.wikipedia.org/wiki/Internationalized_domain_name to know more about IDNs.
When such an IDN is present on profile (for ex if your follower is having access to see your profile). ,it displays IDN in Unicode. It would be safer to represent the Punycode version of the URL so that it would be apparent to the users that something wierd is going on. i.e show http://xn--eby-7cd.com/ instead of http://ebаy.com/
Note: Since hackerone already fixed this issue, you will bot say ebay site in this report, because it is filtering the unicode characters. you can follow up with the screenshot attached or you can ask me for more information.