Author Nam.Nguyen
Recipients Nam.Nguyen
Date 2017-05-29.04:04:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1496030652.64.0.90102082916.issue30500@psf.upfronthosting.co.za>
In-reply-to
Content
Reported by Orange Tsai:

==========
Hi, Python Security Team

import urllib
from urlparse import urlparse

url = 'http://127.0.0.1#@evil.com/'
print urlparse(url).netloc          # 127.0.0.1
print urllib.urlopen(url).read()    # will access evil.com


I have tested on the latest version of Python 2.7.13.
==========
History
Date User Action Args
2017-05-29 04:04:12Nam.Nguyensetrecipients: + Nam.Nguyen
2017-05-29 04:04:12Nam.Nguyensetmessageid: <1496030652.64.0.90102082916.issue30500@psf.upfronthosting.co.za>
2017-05-29 04:04:12Nam.Nguyenlinkissue30500 messages
2017-05-29 04:04:11Nam.Nguyencreate