Dustin L. Howett"curl does not support an option called `-guid`, but if it did, somebody writing a shell script might use it wrong. Clearly this is a security bug in curl" ???
What the hell did I just read?
(h/t to @bagder for linking to curl's hackerone, for additional hilarious reading material)
curl disclosed on HackerOne: Internal application wrapper or script...
While -guid is not a standard or documented curl command, a Command Injection or Argument Injection vulnerability within a specific application that wraps curl. Security Analysis: curl -guid -url example.com 1. Status of the "-guid" FlagUndocumented/Non-existent: The official curl binary does not recognize a -guid flag. Standard versions will return an "unrecognized option" error.Custom...
bicebird 