|
Full Disclosure
mailing list archives
Some Web-programmer flaw 'may' result in code execution in server side!
From: Bipin Gautam <gautam.bipin () gmail com>
Date: Mon, 25 Apr 2005 08:24:23 +0545
These days, i've seen a trend in some so-called computer security
related websites. They have a feature to show a summary about the user
in some page in their website
Like;
-----
Real IP:
User Agent:
Transperent Proxy Ip: etc...
---------
the problem lies when you supply a malicious user agent.
a basic test could be,
User Agent: <h1> Hello World! </h1> or some java script... better try
PHP instead!!!
regads,
bipin
http://bipin.tk
---
Bipin Gautam
http://bipin.tk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Some Web-programmer flaw 'may' result in code execution in server side! Bipin Gautam (Apr 24)
|
Intro
