.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
: It surprises me that the server would both respond to OPTIONS and use the same code path to do so. Not a great idea. :(
@l_zzi_ -
this is about *cross-protocol* attacks. the server basically just ignores anything it doesn't understand, incl. the verb.