BugTraq
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1
Jul 23 2016 08:11PM
mgill c0ffee me
Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context.

Proof of Concept:
The fol...
