You thought you knew IPv4 addresses? Let me tell you something:
YOU PROBABLY DON'T!
I learnt today that IP addresses can be shortened by dropping the zeroes.
http://18.104.22.168 → http://1.1
http://192.168.0.1 → http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc. where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip
@markush boost without testing myself. Please validate if you can my tootlings.
@markush If I shorten 22.214.171.124 to 1.1.1, how does the system know that I'm not actually meaning 126.96.36.199?
@markush This is not really dropping of zeros, it's more an application of alternative forms of writing them. The form we all know is octet.octet.octet.octet, but octet.octet.16bits, octet.24bits and 32bits have also been in use (see <https://tools.ietf.org/html/draft-main-ipaddr-text-rep-02#section-2.1.1>). Try `ping 5.9.37744` ...
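The part forms named in the reply above (octet.octet.16bits, octet.24bits, 32bits), as an added example that is not part of the thread: a Python normalizer that expands them to a dotted quad before a blocklist check, next to a filter that only recognises four-octet input. It goes beyond the thread by also accepting the hex and octal parts that C's `inet_aton` takes; the function names and the sample blocklist are assumptions made for the demo.

```python
import ipaddress
import re

# Constructed sample blocklist for the demo (not from the thread).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]

def parse_part(text):
    """One dot-separated part: 0x.. is hex, a leading 0 is octal, else decimal."""
    low = text.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(f"bad address part: {text!r}")
    return int(digits, base)

def canonical_ipv4(host):
    """Expand a 1- to 4-part numeric host into a full IPv4Address."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not a numeric IPv4 form: {host!r}")
    *leading, last = [parse_part(p) for p in parts]
    # Every part but the last is one octet; the last fills all remaining bits.
    remaining_bits = 8 * (4 - len(leading))
    if any(v > 0xFF for v in leading) or last >> remaining_bits:
        raise ValueError(f"part out of range: {host!r}")
    number = last
    for i, v in enumerate(leading):
        number |= v << (24 - 8 * i)
    return ipaddress.IPv4Address(number)

def naive_is_blocked(host):
    """Filter that only treats four decimal octets as an IP address."""
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return False
    return any(ipaddress.ip_address(host) in net for net in BLOCKED_NETS)

def is_blocked(host):
    """Canonicalize first, then compare against the blocked networks."""
    addr = canonical_ipv4(host)
    return any(addr in net for net in BLOCKED_NETS)

if __name__ == "__main__":
    for h in ("192.168.0.1", "192.168.1", "5.9.37744", "1.1.1", "2130706433", "0x7f.1"):
        print(f"{h:12} -> {canonical_ipv4(h)}  naive={naive_is_blocked(h)} fixed={is_blocked(h)}")
```

A host that is not numeric raises `ValueError` here; such names have to be resolved and the resulting addresses checked instead.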