Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
she hacked you (ekis@mastodon.social)'s status on Wednesday, 18-Dec-2024 16:53:17 JST she hacked you

Don't have time for a banner grab but still interested in basic info about a server?
Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors
Preventing this from happening is actually easy
It requires an essential secure programming principle: verify, validate, and sanitize your input
This principle should be applied to EVERY input, and yes the URL is input
#infosec #security #it #sysadmin #tech #development #programming
In conversation about 2 months ago from mastodon.social permalink
Attachments
1. Using /% you can generate an error on many servers, and when they have not bothered to hide information it can be revealing.
  https://files.mastodon.social/media_attachments/files/111/545/546/862/269/623/original/47c2ab6794524a6c.png
- Embed this notice
  she hacked you (ekis@mastodon.social)'s status on Wednesday, 18-Dec-2024 16:53:17 JST she hacked you
  in reply to
  
  You would think 11.4 billion USD a year would get you secure hosting x_x
  
  In conversation about 2 months ago permalink
- Embed this notice
  Victor Zambrano (argonaut@mastodon.social)'s status on Thursday, 19-Dec-2024 00:43:35 JST Victor Zambrano
  in reply to
  
  @ekis 🤣
  
  In conversation about 2 months ago permalink

Feeds