.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
did you make any suggestions regarding extra care for non-default port servers in private IP ranges? @l_zzi_
: In a world where we implemented that document's restrictions, private servers shouldn't opt in to talking to the world.
@l_zzi_ -
the OPTIONS request that checks whether the server opts in would already trigger the RCE
: Not sure that answers your question?