.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
the OPTIONS request that checks whether the server opts in would already trigger the RCE @l_zzi_
-
-
because CORS preflights still send the path
@l_zzi_ -
: It surprises me that the server would both respond to OPTIONS and use the same code path to do so. Not a great idea. :(
@l_zzi_ - 3 more replies
New conversation -
-
-
: Ah, well. That’s fairly terrible. It’s not clear what we can/should do about that kind of broken behavior.
@l_zzi_ -
pre-preflight without any user-controlled headers for nonstandard ports? "hi, are you an HTTP server?"
@l_zzi_ - 1 more reply
New conversation -
-
-
: Preventing any communication to non-default ports would prevent more than one server running on localhost, for instance.
@l_zzi_Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.