I look forward to hearing from all the localhost experts explaining how DNS rebinding is impossible.
-
On the proof of concept, you used 20 seconds as the time between requests, but Chrome keeps the DNS cache for a minimum of 60 secs even with a super low TTL?
-
Yep, correct, but hard to guess when the entry was cached and checking earlier doesn't hurt. You can also force old records to be flushed with a lot of lookups, but I didn't implement that. Would be fun though.

-
Hmm, that does not sound like a good solution.
-
It seems like you keep finding daemons running on client machines written by people whose server-side coding skills are hot garbage. I wonder how many of them even recognize that they're writing server code.
-
Yep, it's my current pet hate. I think you're right, some don't realize that - @mikewest is working on that. I think many do though, and are trying to work around the fact that we killed NPAPI plugins. I wish I knew what the solution was there.
-
isn't this merely remote config command execution, not shellcode?
-
No, it explains in the report how to upload and run arbitrary commands.
-
I suppose DNS rebinding could work on any 1918-address too, like my NAS on the local network...?
-
Yep, and surprisingly few developers know about it.