Y
Hacker News
new
|
ask
|
show
|
jobs
by
ori_b
2675 days ago
Yes -- you may not be able to convince a program to download a file, but you may be able to tell it to use an improperly sanitized plugin name via a static, non-executable document that someone downloads and tries to view.