daniel:// stenberg://

I posted this image on LinkedIn as well, and the stats there tell me that Cisco is in fact now the third most common employing company among the viewers... (only beaten by AWS and Microsoft)

linkedin.com/posts/danielstenb

7 comments
eigenman :chickenroll:

@bagder Well that is a bit ridiculous now isn't it? 🤣

spmatich :blobcoffee:

@bagder Does this qualify as code bloat? The user agent header is completely arbitrary and can be set to anything.
I mean, why single out curl? Shouldn’t the nmap default user agent be in there too? etc etc

daniel:// stenberg://

@spmatich they singled out curl because the exploit proof of concept used curl. They stopped the example command line from working.

spmatich :blobcoffee:

@bagder so the exploit just needs an update to include setting the user agent header to something else right, and it could be one of many many many different strings.

daniel:// stenberg://

@spmatich ... and that is exactly why the "fix" is so fun!

Gen X-Wing

@bagder This makes me want to add a check for curl as the user agent, but only so it sends back a fun message as part of the return headers. Something harmless.
