Y
Hacker News
new
|
ask
|
show
|
jobs
by
l_zzie
3538 days ago
It's not only a DNS rebind attack. I'm pretty sure in this case even a GET could get rce , so you don't even need to check the cors headers. You can just XHR.