Comment 7 for bug 234629

Valentin Lorentz (progval) wrote : Re: [Bug 234629] Re: supybot !web title leaks LAN HTTP servers to the channel

I don't see how it would be hard to guess. Bot admins should know the difference between a website accessible from the Internet and a website accessible from a local net: nothing.

Moreover, I don't think knowing the title of a page is that dangerous.
The only risk is if there is some kind of web application that allows running actions based on GET parameters, which is a known _very bad_ design pattern, also known as CSRF (which means something like Cross Site Request Forgery).

Ralph Corderoy <email address hidden> wrote:

>> There isn't a warning about "Unix progstats" command giving out PID,
>> username, ...
>
>It doesn't need one. It sounds more likely that it would give out that
>kind of thing from its name. That a plugin typically used to print the
><title> of public web pages can be used to poke about the LAN isn't so
>obvious IMHO.

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
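
An added example, not part of the comment above and not Supybot's own code: one way a title-fetching plugin could refuse URLs that resolve to LAN, loopback or other non-public addresses before fetching them. The function names, the injectable resolver and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve_all(host, port):
    """Default resolver: every address the OS returns for the host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_public_address(text):
    """True only for globally routable addresses (not LAN, loopback, link-local)."""
    addr = ipaddress.ip_address(text.split("%", 1)[0])  # drop any IPv6 zone id
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:10.0.0.5 -> 10.0.0.5
    if mapped is not None:
        addr = mapped
    return addr.is_global

def title_fetch_allowed(url, resolver=resolve_all):
    """Decide whether the bot may fetch this URL and announce its <title>."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # malformed host or port
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addresses = resolver(parts.hostname, port)
    except OSError:  # name does not resolve
        return False
    # Every resolved address must be public: one LAN record is enough to refuse.
    return bool(addresses) and all(is_public_address(a) for a in addresses)

# Constructed sample data so the example runs offline.
SAMPLE_DNS = {
    "www.example.org": ["93.184.216.34"],
    "router.lan": ["192.168.1.1"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # unknown names are treated as IP literals

if __name__ == "__main__":
    for u in ("http://www.example.org/", "http://router.lan/admin",
              "http://mixed.example/", "http://127.0.0.1:8080/", "ftp://www.example.org/"):
        print(u, title_fetch_allowed(u, sample_resolver))
```

The fetch has to connect to the same address that passed the check, and every redirect target needs the same check, otherwise a second DNS answer or a redirect can still point the bot at the LAN.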