Careful with uploaded files too. For example, you could craft a JavaScript file starting with "GIF89", and pass it to an upload script as an image, but then serve it as a script, gaining XSS permissions.
Similarly, PHP sessions have a fallback URL rewrite functionality for when cookies are disabled. User A grabs a rewritten URL and passes it to User B, e.g. by forum post. User B inherits that session and any action they perform on the site is shared with User A, e.g. login. (May be a thing of the past, but a programmer could re-enable it thinking it's a good thing.)
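A defensive handling of the upload case from the comment above, as an added example that is not part of the thread: instead of trusting the leading bytes, the upload is decoded and re-encoded, stored under a server-chosen name, and served with sniffing disabled. It assumes PHP 8 with the GD extension; `FAKE_GIF`, `looksLikeGif`, `storeAsGif` and `sendGif` are hypothetical names and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample: script text behind a GIF signature (no real image data).
const FAKE_GIF = 'GIF89a = 1; // constructed sample: script text behind a GIF signature';

// Weak check: trusts only the first bytes, which the uploader controls.
function looksLikeGif(string $bytes): bool
{
    return strncmp($bytes, 'GIF89', 5) === 0;
}

// Stronger handling: decode with GD, then write a fresh GIF from the pixels.
// Data that does not decode is rejected, and the original bytes are never stored.
// Returns the server-chosen file name, or null when the upload is refused.
function storeAsGif(string $bytes, string $uploadDir): ?string
{
    $img = @imagecreatefromstring($bytes); // false if GD cannot decode it
    if ($img === false) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.gif'; // never reuse the client's name
    return imagegif($img, $uploadDir . '/' . $name) ? $name : null;
}

// Serve stored uploads with a fixed image type and MIME sniffing disabled, so a
// browser will not run the response as a script even if a <script> tag points at it.
function sendGif(string $path): void
{
    header('Content-Type: image/gif');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Demo on constructed inputs: the fake file and a real 1x1 GIF generated by GD.
$px = imagecreate(1, 1);
imagecolortransparent($px, imagecolorallocate($px, 255, 255, 255));
ob_start();
imagegif($px);
$realGif = ob_get_clean();

foreach (['fake' => FAKE_GIF, 'real' => $realGif] as $label => $bytes) {
    printf(
        "%s: magic check %s, re-encode %s\n",
        $label,
        looksLikeGif($bytes) ? 'accepts' : 'rejects',
        storeAsGif($bytes, sys_get_temp_dir()) === null ? 'rejects' : 'stores a clean copy'
    );
}
```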
That's a good addition.
Thank you for sharing ✨😊