The curl quirk that exposed Burp Suite and Google Chrome
We discussed this vulnerability during Episode 201 on 03 April 2023
When using curl, if the --data-raw argument starts with a @, it will be treated as a filename and the file itself will be included as the data of the request. This sort of bug would be hard to exploit in the context of Burp and Chrome, requiring a victim to “Copy as cURL” a malicious request in the first place, and then run it. But it's also a chance to call out that feature of curl, which might come in handy in some other exploit.
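
A pre-flight check for a pasted "Copy as cURL" command, added here as an example (not code from the original post, curl, Burp or Chrome): it lists every data value that begins with @ so the command can be reviewed before it is run. The function name, option list and sample commands are assumptions constructed for illustration; curl's manual documents the @file reading for -d/--data, --data-ascii and --data-binary, and --data-raw is checked as well because it is the option named above.

```python
import shlex

# Options whose value is inspected. curl's manual documents "@file" handling
# for -d/--data, --data-ascii and --data-binary; --data-raw is listed because
# it is the option named in the text above (conservative assumption).
DATA_OPTS = ("--data-binary", "--data-ascii", "--data-raw", "--data", "-d")

# Constructed samples in the shape of a "Copy as cURL" export.
SAMPLE = ("curl -X POST https://example.test/api -H 'Content-Type: text/plain' "
          "--data-binary $'@/tmp/constructed-secret.txt'")
SAFE = "curl https://example.test/api -d 'user=a@example.test'"


def find_file_reads(command):
    """Return (option, path) pairs for data values that begin with '@'."""
    tokens = shlex.split(command)  # POSIX shell-style quoting
    findings = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        opt = value = None
        if tok in DATA_OPTS and i + 1 < len(tokens):
            opt, value = tok, tokens[i + 1]   # "-d VALUE" / "--data VALUE"
            i += 1                            # skip the value token
        elif tok.startswith("-d") and not tok.startswith("--") and len(tok) > 2:
            opt, value = "-d", tok[2:]        # attached form "-dVALUE"
        if value is not None:
            # shlex leaves the "$" of bash $'...' quoting on the token;
            # escape sequences inside $'...' are not decoded here.
            if value.startswith("$"):
                value = value[1:]
            if value.startswith("@"):
                findings.append((opt, value[1:]))
        i += 1
    return findings


if __name__ == "__main__":
    for label, cmd in (("SAMPLE", SAMPLE), ("SAFE", SAFE)):
        hits = find_file_reads(cmd)
        print(label, "-> review before running:" if hits else "-> no @ data values", hits)
```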