Hacker News new | past | comments | ask | show | jobs | submit login

Do the Microsoft links not work for anyone else too? I get a "Something went wrong" error on all the links. Would like to read more about specific vulns.



Microsoft is asking the user to enable Javascript. There is no technical reason in this case why Javascript is necessary.

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/...

To add insult to injury, Microsoft's server refuses to honour the Accept-Encoding header, e.g., setting the value to "identity" has no effect. It returns compressed content no matter what, even when the content size is very small.

To create a simple HTML page with all the info you need, no Javascript required

    sed '/^e/!s/^/url=/'<<eof|curl -K-|gzip -dc|sed 's/",/\"<br>/g;s/\\n//g' > 1.htm
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-33742
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31955
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31956
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-33739
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31201
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31199
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31959
    https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31963
    eof 
    firefox ./1.htm


   tnftp instead of curl
   
   ftp -4o'|zcat' $(printf "%s\40" $(cat<<eof
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-33742
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31955
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31956
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-33739
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31201
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31199
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31959
   https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31963
   eof
   ))|sed 's/",/\"<br>/g;s/\\n//g' > 1.htm;
   firefox ./1.htm


There is a technical reason: they want to track you.


s/you/members of the public/


I love your use of piped commands in your comment history, thanks so much for these examples.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: