U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
NGINX fixed the security issue that @francisco_oca and I found recently.
See our report: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf …
The fix was made public here:
https://hg.nginx.org/nginx/rev/d0d6cf5031a3 …
We found various places that provided recommended configurations that are vulnerable.
If you use the NGINX ingress controller for Kubernetes with the auth URL feature, you are vulnerable to potential HTTP request smuggling/splitting. There are security products on the market that are using this feature too that are vulnerable.
https://github.com/kubernetes/ingress-nginx/pull/4859/files … Issue fixed by using a named location in the NGINX ingress controller!
@albinowax I found this with your HTTP request smuggling Burp Suite extension. Thank you!
Your DEF CON talk was great too, and the Burp Suite extension ispic.twitter.com/AvmCOfuoPn
Thank you!
I'm sorry. Why not just do curl -H "Host: notlocalhost" "http://example.org/_hidden/index.html …"?
The point is to smuggle the request past a front end load balancer for example.
The links to the Kubernetes, Vestia and the other are not working! Thanks! Do you have an example of the Kubernetes bypass?
Well done
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
