| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTinz+2eVhMLuZLWmDGHxzMQ=oGH252bmQCygcFzd@mail.gmail.com>
Date: Fri, 25 Feb 2011 03:19:29 +0000
From: Peter Maxwell <peter@...icient.co.uk>
To: Security Conscious <securityconsciousguy@...il.com>,
full-disclosure@...ts.grok.org.uk
Subject: Re: Why should the presence of shebang (#!) freak
out ANY security conscious guy?
RFC3986 marks both # and ! as reserved characters (sec 2.2); from a skim
read, # is used for fragment identification (somewhere in sec 3) and there
is a small note on ! ' and " at the end of the document. More a standards
issue than a security issue.
Also, what he'd quoted !# is not the "shebang" used to guide unix shells,
which is #!, and also what you quoted.
On 23 February 2011 22:51, Security Conscious <
securityconsciousguy@...il.com> wrote:
> Could someone please have a look at these twitter posts:
>
> http://twitter.com/#!/achitnis/status/40444144992260096
>
> http://twitter.com/#!/achitnis/status/40447225658228736
>
> http://twitter.com/#!/achitnis/status/40450742326140928
>
> and explain why the presence of #! in URLs would freak out ANY security
> conscious guy?
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists