Can't I just get the data, without it being turned into objects?
We'll use this mechanism to convert tagged nodes to almost-native types, while preserving the tags.It's likely possible to handle [undefined tag prefixes and undefined aliases] in a way similar to how we handled undefined tags
A very clear and detailed article!
adversaries can attack the encoding of source code files to inject vulnerabilities
The trick is to use Unicode control characters to reorder tokens in source code at the encoding level.
il est facile, en utilisant de multiples sites web, de deviner des numéros de carte bancaire valides, et de deviner également les dates d'expiration et le CVV (cryptogramme visuel).
Visiblement, le système VISA est sensible à ce genre d'attaque, mais pas MasterCard.
Le principe consiste à entrer le numéro de carte sur de multiples sites web, et d'essayer de commander
Source : https://sebsauvage.net/links/
- XML internal entities
- Billion laughs attack / quadratic blowup
- XML external entity (XXE)
Just relaying the information about this "ShellShock" vulnerability:
This seems to affect Apache, sshd, DHCP clients and even potentially git.
TL;DR here is how to check your Bash version
env x='() { echo Never called; }; echo YOUR BASH IS VULNERABLE …