I can't find any bugtracker in lynx ,so i will disclose by this mail and sent to the author [email protected].
redrain ([email protected]) Date:2016-11-03 Version: 2.8.8pre.4、2.8.9dev.8 and earlier Platform: Linux and Windows Vendor: http://lynx.browser.org/ Vendor Notified: 2016-11-03 VULNERABILITY ------------------------- Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. Passing in `*http://[email protected]/ <http://[email protected]/>*` <http://example.com/#@evil.com/x.txt> would wrongly make lynx send a request to hackdog.me while your browser would connect to google.com given the same URL. PoC ------------------------ lynx "http://[email protected]/"; SOLUTION ------------------------- follow the RFC and check for domains before send request. Regards, redrain _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
