Full Disclosure mailing list archives
Re: Why should the presence of shebang (#!) freak out ANY security conscious guy?
From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 24 Feb 2011 18:49:51 -0800
It's change. And change is scary. (Seriously, nothing wrong with hashbang, except perhaps a slightly increased risk of CSRF from people forgetting, yes, the web's broken session management is still broken even with client side JS page assembly.) On Wed, Feb 23, 2011 at 2:51 PM, Security Conscious <securityconsciousguy () gmail com> wrote:
Could someone please have a look at these twitter posts: http://twitter.com/#!/achitnis/status/40444144992260096 http://twitter.com/#!/achitnis/status/40447225658228736 http://twitter.com/#!/achitnis/status/40450742326140928 and explain why the presence of #! in URLs would freak out ANY security conscious guy? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Why should the presence of shebang (#!) freak out ANY security conscious guy? Security Conscious (Feb 24)
- Re: Why should the presence of shebang (#!) freak out ANY security conscious guy? Dan Kaminsky (Feb 24)
- Re: Why should the presence of shebang (#!) freak out ANY security conscious guy? Peter Maxwell (Feb 24)