"Arbitrary File Read via file:// Protocol in cURL"

Well, you see... 🤦‍♂️

@bagder As long as you don't accept redirects to file:// I can't see it 🥲 😂
@bojidar_bg @bagder ooh, now there's an idea. You can imagine some Web 1.0 tool that works this way, maybe even a cURL-like tool, where that's ultimately how files are accessed that are represented by http.

@bojidar_bg @bagder

Anakin: curl's accepting all redirects
Padme: All but to file://, right?

@f4grx @bojidar_bg @bagder
Padme: Right? 😦

@flxtr @bojidar_bg @bagder

Right. Just tested it and it does not redirect (because of course)

@f4grx @bojidar_bg @bagder I wouldn't have expected anything else. I just didn't want to let the joke go.
@f4grx @flxtr Gah! What a waste of a perfectly good _theoretical_ vulnerability 😂