Hacker News
by thaumaturgy 4454 days ago
This seems like a bad idea. localtunnel.me is redirecting non-tunnel'd subdomains to its main page, while inactive tunnel'd subdomains return "localtunnel error: no active client for 'adbc'". So, with a little poking, you find that tunnel'd subdomains seem to be [a-z0-9]{4}.localtunnel.me ... which isn't too terribly large of a search space to crawl. If it gets popular, it should be easy to find works-in-progress that might give up access to the user's computer, or keys to prod, or any of the other stuff that people are a little sloppy about on their work machines.

edit: I was wrong, I should've been a little more thorough. Looks like it's [a-z0-9]{4,10}.localtunnel.me, which is significantly larger.