Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
bawolff
on March 13, 2020
|
parent
|
context
|
favorite
| on:
Slack account takeovers using HTTP Request Smuggli...
Hmm that would make sense. The user-agent header does have "slack" in it so probably not a web browser, and its not far fetched that most libraries dont implement the same origin policy when it comes to headers and redirects.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
