.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
did you make any suggestions regarding extra care for non-default port servers in private IP ranges?
@l_zzi_
because CORS preflights still send the path
@l_zzi_
this is about *cross-protocol* attacks. the server basically just ignores anything it doesn't understand, incl. the verb.
8:08 AM - 18 Oct 2016