> Attack exactly overload web sites presented in endless loop of redirects. As > I showed in all cases of Looped DoS vulnerabilities in web sites and web > applications, which I wrote about during 2008 (when I created this type of > attacks) - 2013.
You do realize that any browser can be made to issue a *lot* of requests to any other destination on the web - say, by instantiating a bunch of images, leveraging CORS, navigating iframes, etc? Browsers detect redirect loops to prevent accidental mishaps and simplify troubleshooting, not to stop malicious attacks. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/