Message294667
Reported by Orange Tsai:
==========
Hi, Python Security Team
import urllib
from urlparse import urlparse
url = 'http://127.0.0.1#@evil.com/'
print urlparse(url).netloc # 127.0.0.1
print urllib.urlopen(url).read() # will access evil.com
I have tested on the latest version of Python 2.7.13.
========== |
|
Date |
User |
Action |
Args |
2017-05-29 04:04:12 | Nam.Nguyen | set | recipients:
+ Nam.Nguyen |
2017-05-29 04:04:12 | Nam.Nguyen | set | messageid: <1496030652.64.0.90102082916.issue30500@psf.upfronthosting.co.za> |
2017-05-29 04:04:12 | Nam.Nguyen | link | issue30500 messages |
2017-05-29 04:04:11 | Nam.Nguyen | create | |
|