0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Security)
The Oligo Security blog https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
a web-browser vulnerability that has been named "0.0.0.0 day". In short,
browsers will allow JavaScript code to open connections to the all-zeroes
IPv4 address; the result is that any port that is open on the local host
can be accessed by a remote site. "When services use localhost, they
assume a constrained environment. This assumption, which can (as in the
case of this vulnerability) be faulty, results in insecure server
implementations."
https://lwn.net/Articles/984838/
Oddbean new post about login | logout