ndw’s avatarndw’s Twitter Archive—№ 33,788

  1. It's easy to forget that formal public identifiers are a convention. You can put any string you like in there. That makes the System.Xml.UriResolver public ID exploit a little more straightforward. Luckily it can only be used for XML documents, so /etc/passwd is safe. I think.
    On twitter.com Twitter logo ndw’s avatar ❤️ 3 Favorites Mood +4 🙂