bug-wget

Re: [Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part


From: Dale R. Worley
Subject: Re: [Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part
Date: Mon, 06 Mar 2017 10:47:34 -0500

Orange Tsai <address@hidden> writes:
> # This will work
> $ wget 'http://127.0.0.1%0d%0aCookie%3a hi%0a/'

Not even considering the effect on headers, it's surprising that wget
doesn't produce an immediate error, since
"127.0.0.1%0d%0aCookie%3a hi%0a" is syntactically invalid as a host
part.  Why doesn't wget's URL parser detect that?  I'm sure the new
patch is an improvement, but it's surprising that the old code didn't
detect that it was an invalid URL anyway, since it contains characters that
aren't permitted in those locations.

Dale
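The check Dale asks about, written as an added example (not wget's own parser): a host-part validator that enforces the RFC 3986 reg-name character set on the raw text and then refuses any control byte once percent-escapes are decoded, so a host like the one quoted above cannot reach the Host: header. The function name `host_part_is_safe` is hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Characters RFC 3986 allows in a reg-name besides pct-encoded octets:
   unreserved (ALPHA / DIGIT / "-" / "." / "_" / "~") and sub-delims. */
static bool is_reg_name_char(unsigned char c)
{
    return isalnum(c) || strchr("-._~!$&'()*+,;=", c) != NULL;
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: returns true only if `host` is a syntactically
   valid reg-name AND its percent-decoded form contains no control byte
   (CR, LF, ...), so it can be copied into a Host: header without the
   decoded text starting a new header line. */
bool host_part_is_safe(const char *host)
{
    if (host == NULL || *host == '\0')
        return false;                  /* empty host is never valid */
    for (const char *p = host; *p != '\0'; p++) {
        unsigned char decoded;
        if (*p == '%') {
            int hi = hex_value((unsigned char)p[1]);
            int lo = (hi < 0) ? -1 : hex_value((unsigned char)p[2]);
            if (lo < 0)
                return false;          /* malformed "%XX" escape */
            decoded = (unsigned char)(hi * 16 + lo);
            p += 2;                    /* skip the two hex digits */
        } else if (is_reg_name_char((unsigned char)*p)) {
            decoded = (unsigned char)*p;
        } else {
            return false;              /* literal space, CR, LF, etc. */
        }
        /* The raw syntax passed; now reject control bytes after decoding,
           which is what lets "%0d%0a" smuggle a header line. */
        if (decoded < 0x20 || decoded == 0x7f)
            return false;
    }
    return true;
}
```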
