curl disclosed on HackerOne: Argument Injection via curl Short-Flag...

This report details how the curl -os command facilitates an Argument Injection vulnerability in applications that wrap the curl command-line tool. The specific command curl -os /etc/passwd --url http://example.com demonstrates a subtle but dangerous behavior. Because -s (silent) follows -o (output), curl expects the very next string to be the filename.In this scenario:The -o flag consumes the...