Autobahn|Python Origin Header Manipulation
Posted by deepcore on July 27, 2016 – 5:56 am
Autobahn|Python incorrectly checks the Origin header when the ‘allowedOrigins’ value is set. This can allow third parties to execute legitimate WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser’s context. This is addressed in version 0.15.0.
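An added example, not Autobahn|Python's own code: a strict Origin allowlist check for a WebSocket handshake, next to a loose one. The post does not say how the original check failed, so the loose variant is a constructed illustration of a common mistake (unescaped, unanchored patterns). All function names and the sample allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
ALLOWED = ["https://app.example.com", "https://*.cdn.example.com"]  # constructed allowlist

def canonical_origin(header):
    """Return scheme://host[:port] for a well-formed Origin value, else None."""
    if not header or header == "null":
        return None
    try:
        parts = urlsplit(header)
        port = parts.port
    except ValueError:  # malformed netloc or port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A browser-sent Origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    suffix = "" if port in (None, DEFAULT_PORTS[parts.scheme]) else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"

def loose_patterns(allowed):
    # Weak: '.' stays a regex metacharacter and nothing anchors the match.
    return [re.compile(entry.replace("*", ".*")) for entry in allowed]

def strict_patterns(allowed):
    # Hardened: literals escaped, '*' limited to a single DNS label.
    return [re.compile("[a-z0-9-]+".join(map(re.escape, entry.split("*"))))
            for entry in allowed]

def is_allowed_loose(header, patterns):
    return any(p.search(header or "") for p in patterns)

def is_allowed_strict(header, patterns):
    origin = canonical_origin(header)
    return origin is not None and any(p.fullmatch(origin) for p in patterns)

if __name__ == "__main__":
    loose, strict = loose_patterns(ALLOWED), strict_patterns(ALLOWED)
    for sample in ["https://app.example.com", "https://app.example.com:443",
                   "https://img.cdn.example.com", "https://appxexample.com",
                   "https://app.example.com.attacker.example", "null"]:
        print(f"{sample:45} loose={is_allowed_loose(sample, loose)} "
              f"strict={is_allowed_strict(sample, strict)}")
```

The strict check rejects a missing or `null` Origin; whether non-browser clients without an Origin header should be admitted is a separate policy decision.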