by chuckadams
382 days ago
Some devices don't bother to limit the size of the GET, which can enable a DoS attack at least, a buffer overflow at worst. But I think the most typical vector is a form-data POST, which isn't CSRF-protected because "it's on localhost so it's safe, right?" I've been that sloppy with dev servers too. Usually not listening on port 80 but that's hardly Ft Knox.
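An added example, not part of the comment above: a Python sketch of the two checks the comment says local servers tend to skip, a size cap on the request and an origin check on state-changing POSTs. The function name, port, limits and allowlist are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for this sketch; adjust to the real service.
MAX_TARGET_BYTES = 2048        # cap on the request target (path + query string)
MAX_BODY_BYTES = 64 * 1024     # cap on a form POST body
ALLOWED_ORIGINS = {"http://localhost:8000", "http://127.0.0.1:8000"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def check_request(method, target, headers):
    """Return (status, reason); 200 means the handler may go on to process it."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # 1. Bound the GET line before anything copies or parses it.
    if len(target.encode("utf-8", "replace")) > MAX_TARGET_BYTES:
        return 414, "request target too long"
    if method.upper() in SAFE_METHODS:
        return 200, "ok"

    # 2. Bound the body: require a sane Content-Length and enforce the cap.
    clen = h.get("content-length", "")
    if not (clen.isascii() and clen.isdigit() and len(clen) <= 10):
        return 411, "valid Content-Length required"
    if int(clen) > MAX_BODY_BYTES:
        return 413, "body too large"

    # 3. CSRF check: a page on another site can make the browser POST a form
    #    to localhost, but the browser labels it with that page's Origin.
    #    Fall back to Referer when Origin is absent.
    origin = h.get("origin")
    if origin is None and "referer" in h:
        ref = urlsplit(h["referer"])
        origin = f"{ref.scheme}://{ref.netloc}"
    # Policy choice in this sketch: no Origin and no Referer means reject,
    # which also turns away scripted clients unless they set one.
    if origin is None or origin.lower() not in ALLOWED_ORIGINS:
        return 403, "cross-origin state-changing request"
    return 200, "ok"
```

The origin check complements a per-session CSRF token rather than replacing it; the same function can be called at the top of `do_GET`/`do_POST` in an `http.server` handler before the body is read.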