Better HN
0 points
SahAssar
8y ago
0 comments
The vuln is in the fact that the program blindly trusts incoming HTTP based only on a nonce being in both the body and a header.
benchaney
8y ago
No, the "vuln" is assuming that only users on the machine can access localhost. This is a completely reasonable assumption, and it is on the browsers for invalidating it.