Full Disclosure mailing list archives
Re: Why should the presence of shebang (#!) freak out ANY security conscious guy?
From: Peter Maxwell <peter () allicient co uk>
Date: Fri, 25 Feb 2011 03:19:29 +0000
RFC3986 marks both # and ! as reserved characters (sec 2.2); from a skim read, # is used for fragment identification (somewhere in sec 3) and there is a small note on ! ' and " at the end of the document. More a standards issue than a security issue. Also, what he'd quoted !# is not the "shebang" used to guide unix shells, which is #!, and also what you quoted. On 23 February 2011 22:51, Security Conscious < securityconsciousguy () gmail com> wrote:
Could someone please have a look at these twitter posts: http://twitter.com/#!/achitnis/status/40444144992260096 http://twitter.com/#!/achitnis/status/40447225658228736 http://twitter.com/#!/achitnis/status/40450742326140928 and explain why the presence of #! in URLs would freak out ANY security conscious guy? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Why should the presence of shebang (#!) freak out ANY security conscious guy? Security Conscious (Feb 24)
- Re: Why should the presence of shebang (#!) freak out ANY security conscious guy? Dan Kaminsky (Feb 24)
- Re: Why should the presence of shebang (#!) freak out ANY security conscious guy? Peter Maxwell (Feb 24)