
Legal portals are generally garbage, here's the French one for Article L511-1 of the environmental code: http://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle...


Legal portals are also many times vulnerable to a form of directory traversal, where you descend the URL scheme by cropping out the last slash, i.e. /documents/17683/ would become /documents/. Doing the same thing for parameters can do wonders.

So far I've found login portals to a few banks, teleoperators and to the parliament and military systems of my country. In addition, I've hit several FTP directories of organizations such as my state's public welfare system, which included software and documents.

I sometimes report these incidents as I find them, anonymously and without contact information, since nobody ever responds to these reports.

tl;dr: Long URLs can also be dangerous.
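
An added example, not part of the comment above or of the original thread: one way a site operator could spot the URL-truncation pattern the comment describes in their own access logs. It flags clients that request a path and then request strict ancestors of it. The log lines are constructed Common Log Format samples, and the function names and the `min_hits` threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Common Log Format (not from any real system).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /documents/17683/ HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /documents/ HTTP/1.1" 200 880
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 300
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /documents/17683/ HTTP/1.1" 200 5120
198.51.100.4 - - [01/Jan/2024:10:01:30 +0000] "GET /documents/555/ HTTP/1.1" 200 4100
192.0.2.9 - - [01/Jan/2024:10:02:00 +0000] "GET /files/a/b/report.pdf HTTP/1.1" 200 9000
192.0.2.9 - - [01/Jan/2024:10:02:03 +0000] "GET /files/a/b/ HTTP/1.1" 403 120
192.0.2.9 - - [01/Jan/2024:10:02:06 +0000] "GET /files/a/ HTTP/1.1" 200 700
"""

# client, request target and status code of GET/HEAD requests
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def segments(target):
    """Split the path part of a request target into non-empty segments."""
    return tuple(s for s in urlsplit(target).path.split("/") if s)

def find_parent_walks(log_text, min_hits=2):
    """Return {client: [(ancestor_path, status), ...]} for clients that requested
    at least `min_hits` strict ancestors of a path they had already requested."""
    seen = defaultdict(set)    # client -> segment tuples requested so far
    hits = defaultdict(list)   # client -> ancestor requests, in log order
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue           # skip malformed lines and other methods
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        segs = segments(target)
        # Strict ancestor: shorter than, and a prefix of, an earlier request.
        if any(len(p) > len(segs) and p[:len(segs)] == segs for p in seen[client]):
            path = "/" + "/".join(segs) + ("/" if segs else "")
            hits[client].append((path, status))
        seen[client].add(segs)
    return {c: h for c, h in hits.items() if len(h) >= min_hits}

if __name__ == "__main__":
    for client, walked in find_parent_walks(SAMPLE_LOG).items():
        print(client, walked)
```

Ordinary navigation also moves up to parent pages, so this is a heuristic; the ancestor requests that returned 200 are the ones to review for unintended listings or portals.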


§ 1353 of the BGB (German Civil Code) can be found at http://www.gesetze-im-internet.de/bgb/__1353.html (literally ‘laws on the internet’).


So close, with minimal effort they could map that to '/bgb/1353'. It seems that dejure.org actually works that way -> http://dejure.org/gesetze/BGB/1353 seems to map to http://dejure.org/gesetze/BGB/1353.html, but they graciously ignore any kind of file extension...


Well they already managed to get an overview/full-text at /bgb/, so I am quite happy for now…



