Y
Hacker News
new
|
ask
|
show
|
jobs
by
tptacek
3998 days ago
Isn't this a little like suggesting that it's a vulnerability that someone can have a large <img> tag with a GIF of Facebook's login page on it?
1 comments
rlidwka
3998 days ago
If facebook allows you to put an arbitrarily large img tag onto any of the pages under its domain (so internal navigation could be hidden under it), then yes it is a valid attack vector.
link