Posted: Wed Aug 31, 2005 3:55 pm
I wasn't only talking about cookies, I was talking about the http request itself, and or anything in it. What if someone was inserting $_SERVER['HTTP_REFERER'] into a database, and forgot to escape it? Some programs for simulating headers require a valid URL there, what if an attacker formed an http request with data that needed escaping? There are countless things that should be treated as untrusted input, the http request included.Ambush Commander wrote:Telnet is only necessary when you need fine grained controls over exactly what headers are sent.