Thirdparty site authorization header leak in mirror/wget

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Thirdparty site authorization header leak in mirror/wget

From:	王念
Subject:	Thirdparty site authorization header leak in mirror/wget
Date:	Thu, 09 Jun 2022 17:12:40 +0800

wget does not filter the redirected request header, and will pass the 
Authorization request header of the first request to the redirected service, 
resulting in the leakage of the Authorization request

[Prev in Thread]

Current Thread

[Next in Thread]

Thirdparty site authorization header leak in mirror/wget, 王念 <=

Prev by Date: [bug #62586] Warning given every time wget runs: “.netrc:..: unknown token” when a password contains quotes
Next by Date: Vulnerability report: third party site credentials leak when redirect in wget
Previous by thread: wget crashes on a recursive download of my city's website
Next by thread: Vulnerability report: third party site credentials leak when redirect in wget
Index(es):
- Date
- Thread