(no title)
tmsbrg | 4 months ago
I guess any user can just run something /api/getdatabase/dumppasswords and it will give any user the passwords?
or /webapp?html=<script>alert()</script> and run arbitrary JS?
I'm surprised nobody mentioned that security is a big reason not to do anything like this.
No comments yet.