charleyc | 8 months ago

If I've understood correctly, the last example (ATPA: Advanced Scenario) describes a scenario where the tool is legitimate but the server is compromised and data is leaked by returning a malicious error message.

This scenario goes beyond "be careful what you install!" as it potentially makes even a GET request to a trusted website into an attack surface. It's like SQL injection writ large: every piece of text could be turned into malicious code at any moment.
