This chapter is really interesting, especially the part on Canonical Web-Based Issues. Why do they happen?
- Many applications make security decisions based on the name of a URL, or on a component of a URL.
- There are many ways of representing the same URL.
Example: a certain piece of security software has exactly this vulnerability, so go ahead and poke at it. How? Convert the blocked domain name into its IP address and the request is no longer blocked. Super interesting.
Remarks.
- Converting that IP into a dotless IP is not blocked either. (See Something about Dotless IP's.)
- Exercise: Try URL encoding.
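The fix for every variant above (IP instead of name, dotless IP, URL encoding) is the same: canonicalize the host before comparing it with the blocklist. The following is an added example written for this post, not code from the blocked software or from the chapter; the blocklist entries and sample URLs in it are constructed.

```python
# Added example (not from the original post): canonicalize the host part of a
# URL before checking it against a blocklist, so that alternative spellings of
# one address (dotted decimal, dotless decimal, hex, octal, percent-encoded)
# all compare equal. The blocklist and URLs used in tests are constructed.
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# One IPv4 "part" as browsers accept it: 0x-hex, 0-prefixed octal, or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def _ipv4_from_parts(host: str):
    """Parse loose inet_aton-style IPv4 literals (1 to 4 parts).

    Returns a dotted-quad string, or None if host is not such a literal.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    values = []
    for p in parts:
        if p[:2].lower() == "0x":
            values.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))
        else:
            values.append(int(p, 10))
    # inet_aton semantics: the last part fills all remaining octets.
    head, last = values[:-1], values[-1]
    remaining_bits = 8 * (4 - len(head))
    if any(v > 0xFF for v in head) or last >= 1 << remaining_bits:
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    return str(ipaddress.IPv4Address((n << remaining_bits) | last))


def canonical_host(url: str) -> str:
    """Canonical host: dotted quad for IPv4 literals, else lowercase name."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat the leading token as the netloc
    host = urlsplit(url).hostname or ""
    host = unquote(host).strip().rstrip(".").lower()  # undo URL encoding first
    return _ipv4_from_parts(host) or host


def is_blocked(url: str, blocklist: set) -> bool:
    """True when the canonical host of url is in the (canonical) blocklist."""
    return canonical_host(url) in blocklist
```

Every blocklist entry must itself be stored in canonical form (run it through `canonical_host` once), otherwise a dotted-quad entry and a dotless request still miss each other.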