|
|
|
|
|
|
by l_zzie
3539 days ago
|
|
|
I don't think this is the same vulnerability. You don't even need to rebind DNS to do it, I believe: just make an XmlHTTPRequest. Your GET is considered code. The browser will get back a request that doesn't have a cors header and so not let you read it, but your code still executes. So there's no reason to be on the same origin, so DNS rebinding is unnecessary |
|
|