[Owasp-sydney] XSS/Phising with PDF

Jean-Jacques Halans halans at gmail.com
Wed Jan 3 19:15:55 EST 2007

Yes, you're right, it's an anchor, not a request parameter at all.

On 1/4/07, kuza55 at gmail.com <kuza55 at gmail.com> wrote:
> Actually, I don't think the server can, because browsers don't send
> the fragment after the # symbol, break out Ethereal or something and
> have a look; when you go to any URL, the segment after the # isn't
> sent; I presume that is because its not relevant to what page the
> server sends, it is only relevant to the browser.
> - Alex "kuza55"

Halans Jean-Jacques

> http://www.halans.be
> http://del.icio.us/halans

More information about the Owasp-sydney mailing list