[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, "Bipin Gautam" <gautam.bipin@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Sun, 24 Apr 2005 21:38:41 -0700
i used to have my UA set to a basic xss script...
many sites are vulnerable to this.
The most troubling is the fact that many web based reporting / log tools
are in html format, thus rendering the UA injection in the browser of the
person reading the logs ( most likely an admin behind the corporate
firewall ),
thus exposing him / her to possible browser based attack scenarios.
cheers,
Donnie Werner
http://exploitlabs.com
http://zone-h.org
----- Original Message -----
From: "Bipin Gautam" <gautam.bipin@xxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Sunday, April 24, 2005 7:39 PM
Subject: [Full-disclosure] Some Web-programmer flaw 'may' result in
codeexecution in server side!
These days, i've seen a trend in some so-called computer security
related websites. They have a feature to show a summary about the user
in some page in their website
Like;
-----
Real IP:
User Agent:
Transperent Proxy Ip: etc...
---------
the problem lies when you supply a malicious user agent.
a basic test could be,
User Agent: <h1> Hello World! </h1> or some java script... better try
PHP instead!!!
regads,
bipin
http://bipin.tk
---
Bipin Gautam
http://bipin.tk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/