Comment by eru
3 days ago
Yes, even a GET request can change the state of the external world, even if that's strictly speaking against the spec.
Wasn't there an HN post where someone made their website look different to LLMs or web scrapers than to a typical user? I can't seem to find the post, but that could add an extra layer (I mean, it is all different if you're viewing from a browser vs curl).
Yes, and GET requests with the sensitive data as query parameters are often used to exfiltrate data. The attacker doesn't even need to set up a special handler, as long as they can read the access logs.
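
The pattern in the last comment, seen from the defender's side, as an added example that is not part of the thread: a scan of outbound proxy logs for GET requests to non-allowlisted hosts whose query parameters carry one long encoded-looking value. The log format, host names, allowlist and the 32-character threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed egress-proxy log (assumed format: METHOD URL STATUS).
# Hosts and values are made up for illustration.
SAMPLE_LOG = """\
GET https://search.example.com/?q=how+to+rotate+nginx+logs+with+logrotate+daily 200
GET https://collector.example.net/p.gif?d=3f9a1c0b7e6d4a2f8b5c9d0e1f2a3b4c5d6e7f80 200
POST https://collector.example.net/upload 200
GET https://api.example.com/v1/file?sig=0123456789abcdef0123456789abcdef01234567 200
"""

# Assumption: destinations the organisation already trusts with signed URLs.
ALLOWED_HOSTS = {"api.example.com"}

# Assumption: an unbroken run of 32+ hex/base64 characters is "encoded-looking".
ENCODED_VALUE = re.compile(r"[A-Za-z0-9+/_=-]{32,}")

def encoded_params(url):
    """Return (name, value) pairs whose value is one long encoded-looking token."""
    # parse_qsl turns '+' and %20 into spaces, so ordinary multi-word
    # search queries do not match the pattern.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(n, v) for n, v in pairs if ENCODED_VALUE.fullmatch(v)]

def scan(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (host, param, value_length) for each suspicious GET parameter."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "GET":
            continue  # only GETs: the data rides in the URL, not a body
        host = urlsplit(parts[1]).hostname
        if host in allowed_hosts:
            continue
        for name, value in encoded_params(parts[1]):
            findings.append((host, name, len(value)))
    return findings

if __name__ == "__main__":
    for host, name, length in scan(SAMPLE_LOG):
        print(f"review: GET to {host} carries {length}-char value in '{name}'")
```

Long slugs and legitimate tokens will also match, so the allowlist and the length threshold need tuning against real traffic before this is used for alerting.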