You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was trying to reproduce the bug in java using bin/requester/get.class where parse_url parses out google.com but readfile fetches evil.com in the url http:https://google.com#@evil.com/, but I wasn't able to do so.
I was able to reproduce that, that Java's net.URL was unable to parse out the host at all. That's an interesting finding! When you say that net.URL is vulnerable to host injection, did you mean this bug, that could lead to a DOS, or were you able to find vulnerabilities similar to php's parse_url vs curl? Which versions of Java was vulnerable?
The text was updated successfully, but these errors were encountered:
On the slide entitled "Big Picture" at https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf, it was indicated that Java net.URL is vulnerable to Host Injection issues.
I was trying to reproduce the bug in java using
bin/requester/get.classwhereparse_urlparses out google.com butreadfilefetches evil.com in the url http:https://google.com#@evil.com/, but I wasn't able to do so.I looked through your notes in
samples.txtand found that you mentioned "http:https://11.11.11.11@@22.22.22.22" is weird.I was able to reproduce that, that Java's
net.URLwas unable to parse out the host at all. That's an interesting finding! When you say thatnet.URLis vulnerable to host injection, did you mean this bug, that could lead to a DOS, or were you able to find vulnerabilities similar to php'sparse_urlvs curl? Which versions of Java was vulnerable?The text was updated successfully, but these errors were encountered: