I've made a few changes in my software to use Base64 instead of numerical values, and now I'm getting the following error: "Nonce must be 1-64 characters long and consist only of Base64 characters"
Which is really odd, since my string has only 51 chars and all chars are valid within the Base64 group.
If I remove the padding ("=") then it's good to go, however, there is a string in the scoreboard with "=" in it (garethgeorge/AHQAAAHPe0Q=)
Did the user bypass the JavaScript check using curl or something?
Also, this could use some adjustments:
    const nonceRegex = /^[A-Za-z0-9+/]{1,64}$/;
    if (!nonceRegex.test(nonce)) {
        alert('Nonce must be 1-64 characters long and consist only of Base64 characters');
        return false;
    }
Personally, I would use const nonceRegex = /^[A-Za-z0-9+/]{1,64}(={0,2})$/;
The site owner changed equals from accidentally-allowed to forbidden, but left any existing solutions using it. See comment and reply here: https://www.hackerneue.com/item?id=40724707
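An added example, not code from the site or from either commenter: a nonce validator that makes the padding policy explicit and is meant to run on the server as well as in the browser, since a check that exists only in page JavaScript does not constrain requests sent by other clients. The names `validateNonce`, `MAX_NONCE_LEN` and `allowPadding` are hypothetical, and counting "=" toward the 64-character limit is an assumption.

```javascript
// Added example; validateNonce, MAX_NONCE_LEN and allowPadding are
// illustrative names, not the site's code.
const MAX_NONCE_LEN = 64; // assumption: the cap includes any '=' padding

// Body uses the standard Base64 alphabet; '=' may only appear as a
// run of at most two characters at the very end.
const NONCE_SHAPE = /^([A-Za-z0-9+\/]+)(={0,2})$/;

function validateNonce(nonce, { allowPadding = false } = {}) {
  if (typeof nonce !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  // Check the total length first, so padding cannot push past the cap.
  if (nonce.length < 1 || nonce.length > MAX_NONCE_LEN) {
    return { ok: false, reason: 'length' };
  }
  const m = NONCE_SHAPE.exec(nonce);
  if (!m) {
    return { ok: false, reason: 'alphabet' };
  }
  const pad = m[2];
  if (pad.length === 0) {
    return { ok: true, reason: 'unpadded' };
  }
  if (!allowPadding) {
    return { ok: false, reason: 'padding forbidden' };
  }
  // Canonical Base64 padding always brings the total length to a
  // multiple of 4 (one '=' after 3 mod 4 chars, two after 2 mod 4).
  if (nonce.length % 4 !== 0) {
    return { ok: false, reason: 'bad padding' };
  }
  return { ok: true, reason: 'padded' };
}

// The scoreboard value quoted in the thread, under both policies.
function demo() {
  const sample = 'AHQAAAHPe0Q=';
  return {
    strict: validateNonce(sample),
    padded: validateNonce(sample, { allowPadding: true }),
    overCap: validateNonce('A'.repeat(64) + '==', { allowPadding: true }),
  };
}
```

Whichever policy is chosen, applying the same function to every submission on the server keeps the scoreboard consistent with the rule shown in the error message.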