Amit, :) This is not about who did it first. BTW, your example is broken. location.search does not include the fragment identifier.
Cheers

On 2/7/07, Amit Klein <[EMAIL PROTECTED]> wrote:
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/playing-in-large
> >
> > Basically this article is about how to squeeze more data into size
> > restricted, unsanitized field. This technique can also be used to hide
> > attackers activities.
> >
> It seems that you've stumbled upon something I already disclosed:
> http://www.webappsec.org/lists/websecurity/archive/2005-10/msg00030.html
>
> Sorry...
> -Amit
>

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/