Next time I need to hire a hacker, I will ask you. Seriously though it is very useful being informed of vulnerabilities like this. I am a very experienced programmer but new to web design, so this is all valuable to understand.
Thanks Peter On Aug 16, 2:50 pm, Anthony <abasta...@gmail.com> wrote: > On Tuesday, August 16, 2011 9:41:17 AM UTC-4, peter wrote: > > > The URL I gave in the example happens behind the scenes, so it does > > not get displayed to the user. > > That's good, but note that an attacker could look at your HTML/Javascript > source code or watch the outgoing requests from your application, observe > the structure of your URLs, and still put together a directory traversal > attack, so be careful. > > Anthony
