
In my experience, the vast majority of the time exploits are found over Ajax APIs. Developers just forget that client-side sanitization isn't secure. It's a good party trick for sure.


The funny thing is that you actually didn't do it by searching for an actual space—you would search for an underscore, and they would convert it to a space after checking if the input is empty, but before trimming, so...
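A minimal reconstruction of the ordering bug that comment describes, added here as an example (not code from the thread or the site in question). It assumes the three steps named above (empty check, underscore-to-space, trim) and uses hypothetical function names; the fixed version applies the usual rule of canonicalizing input fully before validating it.

```python
def normalize_buggy(raw: str):
    """Order as described in the comment: empty check, then '_' -> ' ', then trim.
    Returns None when the input is rejected, otherwise the search term."""
    if raw == "":
        return None                     # the only rejection, and it runs too early
    term = raw.replace("_", " ")        # "_" becomes " " after the check passed
    return term.strip()                 # ...and trimming turns it into ""


def normalize_fixed(raw: str):
    """Canonicalize first, validate last: every transformation that can change
    the value runs before the check that decides whether to accept it."""
    term = raw.replace("_", " ").strip()
    if term == "":
        return None                     # "_", "___", "  " are all rejected here
    return term


# Constructed inputs: a plain term, a padded term, and the underscore bypass.
SAMPLES = ["foo_bar", "  foo_bar  ", "_", "___", ""]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "buggy ->", repr(normalize_buggy(s)),
              "| fixed ->", repr(normalize_fixed(s)))
```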



