Re: Is OWASP vulnerable ??
From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Mar 2007 16:51:51 -0500
On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:
> Given the syntax of this function, wgBreakFrames can only have one of two
> values: true or false.
> I'd be interested to see some POC that would show how you would exploit
The first thing to do is abuse the variable. In addition to true and false, try
3, 0, -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you
can force it to throw a syntax error that creates a 404 page or something that
contains *other* input you control, especially if it finds its way to an eval().
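The probe values listed in the message above, run against a strict boolean check, as an added example that is not part of the original post or of the application's own code. It assumes the setting is written into an inline script by string concatenation; `renderNaive`, `parseStrictBoolean`, `renderStrict` and `runProbes` are hypothetical names.

```javascript
// Added example: how a "true or false only" setting behaves when the
// server copies the raw input into script text versus parsing it first.

// Naive form (assumed, for contrast): the raw input becomes script text.
function renderNaive(name, raw) {
  return 'var ' + name + ' = ' + raw + ';';
}

// Accept a real boolean or the exact strings "true"/"false"; reject the rest.
// Strict equality means 0, 3 and -37 are not coerced into booleans.
function parseStrictBoolean(raw) {
  if (raw === true || raw === 'true') return true;
  if (raw === false || raw === 'false') return false;
  throw new TypeError('not a boolean: ' + JSON.stringify(raw));
}

// Hardened form: the output is built from the parsed value, never the input.
function renderStrict(name, raw) {
  if (!/^[A-Za-z_$][A-Za-z0-9_$]*$/.test(name)) {
    throw new TypeError('bad variable name');
  }
  return 'var ' + name + ' = ' + (parseStrictBoolean(raw) ? 'true' : 'false') + ';';
}

// Constructed test input: the values suggested in the message, plus the
// two legitimate ones.
const PROBES = [true, false, 'true', 'false', 3, 0, -37, 'Cabbage',
  'true) and (my_evil_function()))'];

// Run every probe through both renderers and record what each one emits.
function runProbes(name, probes) {
  return probes.map((input) => {
    const naive = renderNaive(name, input);
    try {
      return { input, naive, strict: renderStrict(name, input), rejected: false };
    } catch (err) {
      return { input, naive, strict: null, rejected: true };
    }
  });
}

for (const row of runProbes('wgBreakFrames', PROBES)) {
  console.log(JSON.stringify(row));
}
```

The same probe list works as a regression test for any handler that claims a parameter can only be true or false.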