Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??
From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Mar 2007 16:51:51 -0500

On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:
Given the syntax of this function, wgBreakFrames can only have one of two
values: true or false.

I'd be interested to see some POC that would show how you would exploit

The first thing to do is abuse the variable. In addition to true and false, try
3, 0 , -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you
can force it to throw a syntax error that creates a 404 page or something that
contains *other* input you control, especially if it finds its way to an eval().

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]