28 Aug
2013
28 Aug
'13
5:22 a.m.
On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate; you are not in a position to judge for the site owner. (I'm just fighting against a 'transparent proxy' that thinks POST with more than 1000 bytes are evil. Please don't add more points of failure to an already fragile web.) Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800