Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why should the presence of shebang (#!) freak out ANY security conscious guy?

From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 24 Feb 2011 18:49:51 -0800
It's change.  And change is scary.

(Seriously, nothing wrong with hashbang, except perhaps a slightly
increased risk of CSRF from people forgetting, yes, the web's broken
session management is still broken even with client side JS page
assembly.)

On Wed, Feb 23, 2011 at 2:51 PM, Security Conscious
<securityconsciousguy () gmail com> wrote:

Could someone please have a look at these twitter posts:
http://twitter.com/#!/achitnis/status/40444144992260096
http://twitter.com/#!/achitnis/status/40447225658228736
http://twitter.com/#!/achitnis/status/40450742326140928
and explain why the presence of #! in URLs would freak out ANY security
conscious guy?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: