Reflected File Download A New Web Attack Vector

By Oren Hafif Attackers would LOVE having the ability to upload executable files to domains like and How cool would it be for them if their files are downloaded without ever being uploaded Yes, download without upload RFD is a new web based attack that extends reflected attacks beyond the context of the web browser. Attackers can build malicious URLs which once accessed, download files, and store them with any desired extension, giving a new malicious meaning to refle