IPv6 IPs with :: trigger DNS rebinding
When browsing to an IPv6 IP containing ::, the DNS rebinding check is triggered, as the :: causes part of the IP to be dropped before it's checked.
On line 66 in auth.inc, [2101:170:f2f2:1::2] becomes only 2101:170:f2f2:1: where it should be 2101:170:f2f2:1::2.
Updated by Seth Mos over 10 years ago
Confirmed that without an alternate port you do in fact trigger a DNS rebinding attack.
Found another gem related to this.
The changes have been applied successfully.
One moment...redirecting to http://[2001/system_advanced_admin.php in 20 seconds.
Note that the IP address here is incorrect.
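
Both symptoms in this ticket (the address losing its last group before the rebinding check, and the redirect to `[2001`) come from splitting a bracketed IPv6 Host value on `:`. The following is an added example, not code from auth.inc or from the pfSense project: `naive_host`, `split_host_port` and `url_authority` are hypothetical names, the naive function is only one way to reproduce the reported result, and every sample value except the address from the report is constructed.

```php
<?php
// Added illustration, not code from auth.inc. All function names are hypothetical.

// Reproduces the reported result: strip brackets, then treat the text after
// the last ':' as a port. An IPv6 literal loses its final group.
function naive_host(string $http_host): string {
    $h = trim($http_host, '[]');
    $pos = strrpos($h, ':');
    return $pos === false ? $h : substr($h, 0, $pos);
}

// Bracket-aware split. Returns ['host' => string, 'port' => int|null],
// or null if the value is not a well-formed Host header.
function split_host_port(string $http_host): ?array {
    // IP-literal form: "[" IPv6 "]" optionally followed by ":port"
    if (preg_match('/^\[([0-9A-Fa-f:.]+)\](?::(\d{1,5}))?$/', $http_host, $m)) {
        if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
            return null;
        }
        return ['host' => $m[1], 'port' => isset($m[2]) ? (int)$m[2] : null];
    }
    // Hostname or IPv4 form: at most one ':' and it introduces the port
    if (preg_match('/^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$/', $http_host, $m)) {
        return ['host' => $m[1], 'port' => isset($m[2]) ? (int)$m[2] : null];
    }
    return null;
}

// Rebuild the authority part of a redirect URL, restoring the brackets.
function url_authority(array $hp): string {
    $host = strpos($hp['host'], ':') !== false ? '[' . $hp['host'] . ']' : $hp['host'];
    return $hp['port'] === null ? $host : $host . ':' . $hp['port'];
}

// First value is from the report; the others are constructed samples.
$samples = ['[2101:170:f2f2:1::2]', '[2101:170:f2f2:1::2]:8443',
            '192.0.2.10:8443', 'fw.example.test', '2101:170:f2f2:1::2'];
foreach ($samples as $s) {
    $hp = split_host_port($s);
    printf("%-28s naive=%-20s parsed=%s\n", $s, naive_host($s),
        $hp === null ? 'rejected' : $hp['host'] . ' -> http://' . url_authority($hp) . '/');
}
```

The `host` value returned by the bracket-aware split is the one a rebinding check should compare against the allowed names and addresses; an unbracketed IPv6 string is rejected because its colons cannot be told apart from a port separator.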