[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
From: Bipin Gautam <gautam.bipin@xxxxxxxxx>
Date: Mon, 25 Apr 2005 16:44:03 +0545

On 4/25/05, Morning Wood <se_cur_ity@xxxxxxxxxxx> wrote:
> i used to have my UA set to a basic xss script...
> many sites are vulnerable to this.
> The most troubling is the fact that many web based reporting / log tools
> are in html format, thus rendering the UA injection in the browser of 

you should have let the world know earlier man... i've discovered this
for over few years...... letting you private tricks let-go will always
keep you creative.    Maybe this was almost lost somewhere in my
sleaves. Anyways, http://zone-h.org huh! I UNDERSTAND  ;D

---
Bipin Gautam
http://bipin.tk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Some Web-programmer flaw 'may' result in code execution in server side!
  - From: Bipin Gautam
- Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
  - From: Morning Wood

Prev by Date: Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
Next by Date: [Full-disclosure] STRUCT AKA "Daniel G Arnold" from #HACKPHREAK
Previous by thread: Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
Next by thread: [Full-disclosure] STRUCT AKA "Daniel G Arnold" from #HACKPHREAK
Index(es):
- Date
- Thread