[Full-disclosure] Some Web-programmer flaw 'may' result in code execution in server side!

[Bipin Gautam <gautam.bipin@xxxxxxxxx>]

These days, i've seen a trend in some so-called computer security
related websites. They have a feature to show a summary about the user
in some page in their website

Like;
-----
Real IP:
User Agent:
Transperent Proxy Ip:   etc...

---------

the problem lies when you supply a malicious user agent.

a basic test could be,

User Agent: <h1> Hello World! </h1> or some java script... better try
PHP instead!!!

regads,
bipin
http://bipin.tk
---
Bipin Gautam
http://bipin.tk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/