[issue32085] [Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Martin Panter
report at bugs.python.org
Sat Nov 25 20:00:28 EST 2017
Martin Panter <vadmium+py at gmail.com> added the comment:
The square □ in the strings represents a space.
Issue 1 (CRLF in HTTP request path): it looks like the %0D%0A would have to be decoded by an earlier step in the chain to "http://127.0.0.1:25/\r\nHELO . . .". This becomes like the header injection I mentioned in Issue 30458.
Issue 2 (CRLF in HTTPS host): it seems this doesn’t work in Python as a side effect of Issue 22928 blocking generation of the Host field. But if you add a space you bypass that: "https://host%0D%0A%20SLAVEOF . . .:6379".
----------
dependencies: +CRLF Injection in httplib
nosy: +martin.panter, orange
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32085>
_______________________________________
More information about the Python-bugs-list
mailing list