Crash my webserver!
Vladimir Panteleev
thecybershadow.lists at gmail.com
Sat May 13 11:21:53 UTC 2023
On Saturday, 13 May 2023 at 09:03:22 UTC, Andrea Fontana wrote:
> Online into the wild listening on port 57123.
Not bad. What I found in 10 minutes:
- LF line endings are not accepted
- Host header is mandatory, but not for nginx
- Raw UTF-8 gets mangled in URL and POST parameters, you might be
decoding those twice
- `multipart/form-data` encoding errors are silently discarded
- The server seems to handle `application/x-www-form-urlencoded`
very differently from `multipart/form-data`? Even though they're
both alternative options for HTML `<form>` parameters, and one is
somewhat of a superset of the other
Hope this helps.
More information about the Digitalmars-d
mailing list