Lorenzo Leonardini
@pianka.it
Computer scientist, cybersecurity guy, wannabe musician
You might know me as "pianka"

CTF player with @aboutblankets

🔗 https://sec.leonardini.dev
Took me a while, but here is the full article!

If you want to see some weird URL parsing behavior, here you can find a lot of them :)

sec.leonardini.dev/blog/playing...

Disclaimer: no exploits nor vulnerabilities in this post, just some broken code
February 28, 2025 at 8:49 PM
Currently playing around with Bun's URL parser, and I must say it's pretty fun. It's not vulnerable as it's never used raw, but expect a few GH issues and a blog post about it.

Spoiling the least interesting quirk to keep you on your toes :)

Hopefully I'm not ruining anybody's future challenge :')
January 2, 2025 at 3:34 PM
TIL that in Go this snippet produces `/foo/bar`, and... I feel like that's.. wrong..?

The HTTP server router does not handle this as `/foo/bar`, and parsing this with Node returns `/foo%2fbar` (which is what I expected)

Does anyone have any insight on this?
December 28, 2024 at 12:51 PM
Yesterday my first PHP CVE was published: CVE-2024-11234. In some specific configurations, this vulnerability could allow for CRLF injection when using stream contexts.
sec.leonardini.dev/blog/cve-202...

Many thanks to @minimalblue.bsky.social for reviewing my original report
CVE-2024-11234: Configuring a proxy in a PHP stream context might allow for CRLF injection in URIs 🐘
A vulnerability in PHP might allow an attacker to perform SSRF attacks when unsanitized user-controlled data is used in stream functions if a proxy is used.
sec.leonardini.dev
November 22, 2024 at 11:04 PM
Reposted by Lorenzo Leonardini
Sharing CVE-2024-11234 affecting PHP. This vulnerability could lead to CRLF injection when using Stream Contexts under certain conditions. Discovered and reported by @p1anka.bsky.social, I only reviewed the report some time ago!

github.com/php/php-src/...
Configuring a proxy in a stream context might allow for CRLF injection in URIs
### Summary Configuring a proxy in a [stream context](https://www.php.net/manual/en/stream.contexts.php) might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. #...
github.com
November 21, 2024 at 6:36 PM