|
|
|
|
|
|
by charleyc
370 days ago
|
|
|
If I've understood correctly, the last example (ATPA: Advanced Scenario) describes a scenario where the tool is legitimate but the server is compromised and data is leaked by returning a malicious error message. This scenario goes beyond "be careful what you install!" as it potentially makes even a GET request to a trusted website into an attack surface. It's like SQL injection writ large: every piece of text could be turned into malicious code at any moment. |
|
|