Full Disclosure: Re: Some Web-programmer flaw 'may' result in codeexecution in server side!

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Some Web-programmer flaw 'may' result in codeexecution in server side!

From: Bipin Gautam <gautam.bipin () gmail com>
Date: Mon, 25 Apr 2005 16:44:03 +0545

On 4/25/05, Morning Wood <se_cur_ity () hotmail com> wrote:

i used to have my UA set to a basic xss script...
many sites are vulnerable to this.
The most troubling is the fact that many web based reporting / log tools
are in html format, thus rendering the UA injection in the browser of


you should have let the world know earlier man... i've discovered this
for over few years...... letting you private tricks let-go will always
keep you creative.    Maybe this was almost lost somewhere in my
sleaves. Anyways, http://zone-h.org huh! I UNDERSTAND  ;D

---
Bipin Gautam
http://bipin.tk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Some Web-programmer flaw 'may' result in code execution in server side! Bipin Gautam (Apr 24)
- Re: Some Web-programmer flaw 'may' result in codeexecution in server side! Morning Wood (Apr 24)
  - Re: Some Web-programmer flaw 'may' result in codeexecution in server side! Bipin Gautam (Apr 25)