by sebstefan 395 days ago
>DriverHub only responded to requests with the origin header set to “driverhub.asus.com”. So at least this software wasn’t completely busted and evil hackers can’t just send requests to DriverHub willy-nilly.

>When I switched the origin to driverhub.asus.com.mrbruh.com, it allowed my request.

One more CVE to developers validating URLs in some silly way

Your language comes with a URL parser. Use it! You can't handle all the edge cases of the URL format by yourself.

    if ((new URL("https://user:password@driverhub.asus.com/whatever?q=whatever#whatever")).hostname === "driverhub.asus.com") { ... }
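
Added example, not part of the comment above and not DriverHub's code: a side-by-side of a loose Origin check and one built on the URL parser, run over constructed Origin values. The substring match in `naiveOriginCheck` is an assumption that reproduces the behaviour quoted from the write-up; the function names and the sample list are hypothetical.

```javascript
// Added example; the real DriverHub check is not shown on this page.
const TRUSTED_HOST = "driverhub.asus.com"; // host named in the quoted write-up

// Assumed flawed check: a substring match accepts any origin containing the host.
function naiveOriginCheck(origin) {
  return typeof origin === "string" && origin.includes(TRUSTED_HOST);
}

// Hardened check: parse first, then compare scheme, host and port exactly.
function strictOriginCheck(origin) {
  if (typeof origin !== "string") return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // "null", empty or malformed Origin values do not parse
  }
  // An Origin header is scheme://host[:port] only. Anything that does not
  // round-trip (userinfo, path, query, default port spelled out) is rejected.
  if (url.origin !== origin) return false;
  return (
    url.protocol === "https:" &&
    url.hostname === TRUSTED_HOST &&
    url.port === ""
  );
}

// Constructed sample Origin values (not captured traffic).
const SAMPLE_ORIGINS = [
  "https://driverhub.asus.com",            // the legitimate site
  "https://driverhub.asus.com.mrbruh.com", // value quoted in the write-up
  "https://driverhub.asus.com.example.test",
  "http://driverhub.asus.com",             // right host, wrong scheme
  "https://user:pw@driverhub.asus.com",    // userinfo never belongs in Origin
  "null",                                  // opaque origin (sandboxed frame, file:)
];

// Returns one row per origin so the two checks can be compared.
function audit(origins) {
  return origins.map((origin) => ({
    origin,
    naive: naiveOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(audit(SAMPLE_ORIGINS));
```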