On Wed, 28 Aug 2013 07:22:16 +0200 Andreas Krey a.krey@gmx.de allegedly wrote:
On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate; you are not in a position to judge for the site owner.
Absolutely true. I could be using tor to test my own website's security mechanisms. In fact, I /have/ used tor to test my own websites......
Best
Mick ---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------