25Ağu
Reproducing 0.0.0.0 Day
I was reading about 0.0.0.0 local server API access from Browser vulnerability - see 0.0.0.0 Day: Exploiting Localhost APIs From the Browser. Its relatively new and I haven't updated my browser either. When I try to access http://0.0.0.0:<any_port_that_i_am_listening_on> the browser says ERR_ADDRESS_INVALID. I get the same error when trying a simple XHR with javascript as well.
I have also come across few SE questions which indicate accessing an endpoint through 0.0.0.0 address is not possible in the first place (long before 0.0.0.0 day was announced). this this and this. So what am I missing here?
