@EnaWasHere @bjb @suprjami it's the @. Everything between http(s):// and @ in interpreted as a username and potentially a password, the part after the @ is the host and path.
Top-level
@EnaWasHere @bjb @suprjami it's the @. Everything between http(s):// and @ in interpreted as a username and potentially a password, the part after the @ is the host and path. 2 comments
@jribbens @EnaWasHere @bjb @suprjami I see, it's both the @ and the pseudo-slashes. Thanks for pinning that out. |
@dragonfrog @EnaWasHere @bjb @suprjami That's not quite right, the username/password part cannot contain (amongst other things) forward slashes. This attack is relying on using a unicode character that looks like a forward slash but isn't one.