Careful with uploaded files too. For example, you could craft a javascript file starting with "GIF89", and pass to an upload script as an image, but then serve it as a script, gaining xss permissions.
Similarly, php sessions have a fallback url rewrite functionality for when cookies are disabled. User A grabs a rewritten url and passes it to User B eg by forum post. User B inherits that session and any action they perform on the site is shared with User A. Eg login. (May be a thing of the past, but a programmer could re-enable thinking its a good thing)
Careful with uploaded files too. For example, you could craft a javascript file starting with "GIF89", and pass to an upload script as an image, but then serve it as a script, gaining xss permissions.
Similarly, php sessions have a fallback url rewrite functionality for when cookies are disabled. User A grabs a rewritten url and passes it to User B eg by forum post. User B inherits that session and any action they perform on the site is shared with User A. Eg login. (May be a thing of the past, but a programmer could re-enable thinking its a good thing)
That's a good addition.
thank you for sharing✨😊