by matharmin
2921 days ago
This attack doesn't need control over the victim's DNS server. It uses attacker-controlled domain names to access private IPs via XHR. The DNS rebinding bypasses the standard CORS protection (without this protection the attacker could've used the IP directly). This attack is very easy to protect against (validate the Host header), but lots of IoT devices don't do this.
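The Host header validation mentioned in the comment above, sketched as an added example that is not part of the original comment: a rebound request reaches the device's IP but still carries the attacker's domain name in `Host`, so the device accepts only names it is known by. The allowlist values and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the names/addresses this device legitimately answers to
# (constructed values; IPv6 entries in bracketed, compressed form).
ALLOWED_HOSTS = {"192.168.1.10", "camera.local", "[fd00::10]"}

_PORT = re.compile(r":[0-9]{1,5}")

def split_host_port(header):
    """Parse a Host header value into (host, port); None if malformed."""
    value = header.strip()
    if not value or any(c in value for c in " \t/@,\\"):
        return None
    if value.startswith("["):            # IPv6 literal, e.g. [fd00::10]:8080
        end = value.find("]")
        if end == -1:
            return None
        try:
            addr = ipaddress.IPv6Address(value[1:end])
        except ValueError:
            return None
        host, rest = "[%s]" % addr, value[end + 1:]   # canonical form
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
        host = host.lower().rstrip(".")  # case-insensitive, drop root dot
    if rest:
        if not _PORT.fullmatch(rest) or not 0 < int(rest[1:]) < 65536:
            return None
    if not host:
        return None
    return host, (rest[1:] or None)

def is_allowed_host(header, allowed=ALLOWED_HOSTS):
    """True only when the Host header names this device; reject otherwise."""
    parsed = split_host_port(header or "")
    return parsed is not None and parsed[0] in allowed

if __name__ == "__main__":
    # Constructed Host values: two legitimate, one as sent after a rebind.
    for h in ("192.168.1.10", "Camera.Local.:8080", "rebind.attacker.example"):
        print(h, "->", "accept" if is_allowed_host(h) else "reject (HTTP 400)")
```

The check belongs before any routing or authentication logic, and a missing or unparseable `Host` header is rejected the same way as an unknown one.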