undefined | Better HN

0 pointsgreenleafjacob9y ago0 comments

You can smuggle memcached text protocol over HTTP if you can insert a linefeed. I think tptacek meant "bad vulnerability" as in serious, not trivial.

0 comments

SSRF usually happens inside a request library that doesn't allow linefeeds. SSRF in general is serious, but HTTP GET SSRF is useless on most hosts.

j / k navigate · click thread line to collapse

0 pointsgreenleafjacob9y ago0 comments

You can smuggle memcached text protocol over HTTP if you can insert a linefeed. I think tptacek meant "bad vulnerability" as in serious, not trivial.

SSRF usually happens inside a request library that doesn't allow linefeeds. SSRF in general is serious, but HTTP GET SSRF is useless on most hosts.

j / k navigate · click thread line to collapse