|
|
|
|
|
|
by seanwilson
1822 days ago
|
|
|
> I wouldn't say this particularly needs it; there isn't any user data at all.
> I suppose without TLS it could be intercepted and modified to return a malicious bash command, or something A hacked version doesn't have to return a variation of what's on the page already. There's lots of sneaky things you could return, like a malware download pretending to be a Bash PS1 setup script, a fake GitHub based sign-up to harvest login details, a payment form for a fake product, or a simple redirect to another malicious site. |
|
|