Malicious URL ? https://[::]/
Dag-Erling Smørgrav
des at des.no
Tue Jan 23 22:18:31 UTC 2018
Dag-Erling Smørgrav <des at des.no> writes:
> Basically the IPv6 equivalent of https://127.0.0.1/. “[::]” is the
> bracketed literal representation of the IPv6 localhost address.
Hang on a sec — localhost should be [::1], not [::], which is the
equivalent of 0.0.0.0. My guess is a software bug. Jails look a little
weird from the inside unless you use a fully virtualized network stack.
The proxy probably doesn't have sufficient error checking around
getpeername() or something like that.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list