授权头泄露 on 办公AI智能小助手 https://blog.qife122.com/tags/%E6%8E%88%E6%9D%83%E5%A4%B4%E6%B3%84%E9%9C%B2/ Recent content in 授权头泄露 on 办公AI智能小助手 Hugo zh-cn qife Sat, 20 Sep 2025 00:40:19 +0800 Curl --location-trusted 选项导致授权头跨域泄露漏洞分析 https://blog.qife122.com/p/curl--location-trusted-%E9%80%89%E9%A1%B9%E5%AF%BC%E8%87%B4%E6%8E%88%E6%9D%83%E5%A4%B4%E8%B7%A8%E5%9F%9F%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Sat, 20 Sep 2025 00:40:19 +0800 https://blog.qife122.com/p/curl--location-trusted-%E9%80%89%E9%A1%B9%E5%AF%BC%E8%87%B4%E6%8E%88%E6%9D%83%E5%A4%B4%E8%B7%A8%E5%9F%9F%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="authorization-header-leak-via-location-trusted-in-curl">Authorization Header Leak via &ndash;location-trusted in Curl</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>Curl的<code>--location-trusted</code>选项在跟随跨域重定向时会转发Authorization头,将Basic认证凭据暴露给不可信的主机。</p> Curl --location-trusted 选项导致授权头跨域泄露漏洞分析 https://blog.qife122.com/p/curl--location-trusted-%E9%80%89%E9%A1%B9%E5%AF%BC%E8%87%B4%E6%8E%88%E6%9D%83%E5%A4%B4%E8%B7%A8%E5%9F%9F%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Thu, 18 Sep 2025 01:46:00 +0800 https://blog.qife122.com/p/curl--location-trusted-%E9%80%89%E9%A1%B9%E5%AF%BC%E8%87%B4%E6%8E%88%E6%9D%83%E5%A4%B4%E8%B7%A8%E5%9F%9F%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="authorization-header-leak-via-location-trusted-in-curl">Authorization Header Leak via &ndash;location-trusted in Curl</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>Curl的&ndash;location-trusted选项在跟随跨域重定向时会转发Authorization头,将Basic认证凭证暴露给不可信的主机。</p>