undefined | Better HN

0 pointsbenmmurphy13y ago0 comments

i actually lied :) there is #from_xml so if you were doing Hash.from_xml(params[:trololol]) or Post.from_xml(params[:lols]) then you would be vulnerable to localhost:3000 attack. but I don't think there is generic attack it would have to be application specific.

0 comments

homakov13y ago

you still needto bypass CSRF protection which is on by default

rmc13y ago

Yet.

j / k navigate · click thread line to collapse

0 pointsbenmmurphy13y ago0 comments

i actually lied :) there is #from_xml so if you were doing Hash.from_xml(params[:trololol]) or Post.from_xml(params[:lols]) then you would be vulnerable to localhost:3000 attack. but I don't think there is generic attack it would have to be application specific.

0 comments

homakov13y ago

you still needto bypass CSRF protection which is on by default

rmc13y ago

Yet.

j / k navigate · click thread line to collapse