curl: Credential leak when use two url
News category: Vulnerabilities
Source: vulners.com
Summary: Curl can leak user credentials if two URLs are used.

Steps To Reproduce:

curl -I -v -u aaa:bbb hackerone.com curl.se

The output is:

Connected to hackerone.com (104.16.100.52) port 80 (#0)
Server auth using Basic with user 'aaa'
HEAD / HTTP/1.1
Host: hackerone.com
Authorization: Basic YWFhOmJiYg==
User-Agent: curl/7.83.1
Accept: */*
Connection #0 to host hackerone.com left intact
Trying 151.101.65.91:80...
Connected to curl.se (151.101.65.91) port 80 (#1)
Server auth using Basic with user 'aaa'
HEAD / HTTP/1.1
Host: curl.se
Authorization: Basic... ...
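A pre-flight check for scripts that build curl command lines, added here as an example (it is not part of the report or of curl): it lists, per option group, every host that would receive the `-u` credentials, treating `--next` / `-:` as the point where curl resets per-URL options. Assumptions: the function names are hypothetical, the `--next` command line is constructed for illustration, and only the flags seen in the report's command are modelled (any other dash option is treated as taking no value).

```python
from urllib.parse import urlsplit


def _host(url):
    # curl assumes http:// when no scheme is given; do the same before parsing.
    return urlsplit(url if "://" in url else "http://" + url).hostname


def credential_scope(argv):
    """Return, for each option group that sets -u/--user, the hosts in that group."""
    groups = [{"user": False, "hosts": []}]
    args = iter(argv[1:])  # skip the program name
    for tok in args:
        if tok in ("--next", "-:"):
            # --next starts a new group; -u from the previous group does not carry over.
            groups.append({"user": False, "hosts": []})
        elif tok in ("-u", "--user"):
            next(args, None)  # consume the user:password value
            groups[-1]["user"] = True
        elif tok.startswith("-u") and not tok.startswith("--"):
            groups[-1]["user"] = True  # attached form, e.g. -uaaa:bbb
        elif tok.startswith("-"):
            continue  # assumption: a flag without a value (e.g. -I, -v)
        else:
            groups[-1]["hosts"].append(_host(tok))
    return [sorted(set(g["hosts"])) for g in groups if g["user"] and g["hosts"]]


def shared_credentials(argv):
    """Groups in which one credential would be sent to more than one host."""
    return [hosts for hosts in credential_scope(argv) if len(hosts) > 1]


# Command line from the report.
REPORTED = ["curl", "-I", "-v", "-u", "aaa:bbb", "hackerone.com", "curl.se"]
# Constructed variant: --next limits -u to the first URL.
SCOPED = ["curl", "-I", "-v", "-u", "aaa:bbb", "hackerone.com",
          "--next", "-I", "-v", "curl.se"]

if __name__ == "__main__":
    for name, argv in (("reported", REPORTED), ("scoped", SCOPED)):
        print(name, "-> credentials sent to:", credential_scope(argv))
        print(name, "-> shared across hosts:", shared_credentials(argv))
```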