by philsnow
2222 days ago
I agree about it being scary that the browser doesn't do more to prevent connections from "localhost" to "not localhost".

https://github.com/99designs/aws-vault/issues/578 was for an issue with remote servers accessing the localhost ec2 metadata service that aws-vault can run, that worked exactly by using DNS rebinding. It was fixed only a couple weeks ago, so it seems like this is a developing area and if I were on a red team or pen testing, I would play around with more.

I visualize the "localhost hole" problem of blindly trusting localhost as an air gap in a pipe (like [0]); anybody could come along and either drop poison in the pipe, or redirect the water coming from the top to their own bucket, or both.

[0] https://districtsales.ca/wp-content/uploads/2019/07/tru-gap-...