Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why should the presence of shebang (#!) freak out ANY security conscious guy?

From: Peter Maxwell <peter () allicient co uk>
Date: Fri, 25 Feb 2011 03:19:29 +0000
RFC3986 marks both # and ! as reserved characters (sec 2.2); from a skim
read, # is used for fragment identification (somewhere in sec 3) and there
is a small note on ! ' and " at the end of the document.  More a standards
issue than a security issue.

Also, what he'd quoted !# is not the "shebang" used to guide unix shells,
which is #!, and also what you quoted.




On 23 February 2011 22:51, Security Conscious <
securityconsciousguy () gmail com> wrote:


Could someone please have a look at these twitter posts:

http://twitter.com/#!/achitnis/status/40444144992260096

http://twitter.com/#!/achitnis/status/40447225658228736

http://twitter.com/#!/achitnis/status/40450742326140928

and explain why the presence of #! in URLs would freak out ANY security
conscious guy?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: