Y
Hacker News
new
|
ask
|
show
|
jobs
by
IshKebab
375 days ago
I think this can be circumvented by DNS rebinding, though your requests won't have the authentication cookies for the target, so you would still need some kind of exploit (or a completely unprotected target).
1 comments
MBCook
375 days ago
How? The browser would still have to resolve it to a final IP right?
link
IshKebab
375 days ago
I'm not sure what you mean but this explains it:
https://github.blog/security/application-security/localhost-...
link