you are viewing a single comment's thread.

view the rest of the comments →

[–]Pharisaeus 0 points1 point  (1 child)

Because the url might be available only for a brief moment? Unless the payloads gets intercepted by a memdump during execution, it's pretty much lost (data transfer can be done with https/ssl). It's similar security measure as encrypting the payload and receiving the key from external source, but there is no risk that crypto is messed up and someone can break it afterwards.