Hacker News
by pacala 4905 days ago
> The value of a parameter id was reflected to the HTTP response

The link you posted illustrates that it is unfortunate that Java supports reflection, and even more unfortunate that various "enterprise" software stacks abuse reflection in ever more creative ways. Stay away from Java reflection and/or use C/C++, and you'll avoid this kind of vulnerability.