grepular: Abusing HTTP Status Codes to Expose Private Information

I think the title says it all. This is a really nice post from Mike Cardwell's blog about an interesting attack using status codes to disclose private info from sites such as Facebook or Gmail. [External Link]
