Open Source and information security mailing list archives
 
Date: Mon Apr 25 03:39:29 2005
From: gautam.bipin at gmail.com (Bipin Gautam)
Subject: Some Web-programmer flaw 'may' result in code execution in server side!

These days, I've seen a trend in some so-called computer security
related websites. They have a feature to show a summary about the user
in some page in their website.

Like;
-----
Real IP:
User Agent:
Transparent Proxy IP:   etc...

---------

The problem lies when you supply a malicious user agent.

a basic test could be,

User Agent: <h1> Hello World! </h1> or some JavaScript... better try
PHP instead!!!

regards,
bipin
http://bipin.tk
---
Bipin Gautam
http://bipin.tk
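
Added example, not part of the original post: a visitor-summary page of the kind described above, with the header-echoing 'before' next to a version that treats every request header as untrusted data. The function names, the 256-character cap, the use of X-Forwarded-For as the source of the proxy field and the sample request are assumptions made for illustration.

```python
import html
import ipaddress

MAX_LEN = 256  # assumed display cap for free-text header values

# Constructed sample request; the User-Agent value is the test string from the post.
SAMPLE_HEADERS = {
    "User-Agent": "<h1> Hello World! </h1>",
    "X-Forwarded-For": "<script>x</script>, 10.0.0.1",
}
SAMPLE_PEER = "203.0.113.7"  # constructed socket peer address (documentation range)


def clean_text(value):
    """Drop non-printable characters, cap the length, then HTML-escape."""
    value = "".join(ch for ch in value if ch.isprintable())[:MAX_LEN]
    return html.escape(value, quote=True)


def clean_ip(value):
    """Return the canonical form of a valid IP address, otherwise 'invalid'."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return "invalid"


def render_unsafe(headers):
    """The 'before': header text pasted straight into the page markup."""
    return "<p>User Agent: %s</p>" % headers.get("User-Agent", "")


def render_summary(headers, peer_addr):
    """The 'after': IP fields are parsed, free text is escaped at output."""
    forwarded = headers.get("X-Forwarded-For", "")
    proxy_ip = clean_ip(forwarded.split(",")[0]) if forwarded else "none"
    rows = [
        ("Real IP", clean_ip(peer_addr)),
        ("User Agent", clean_text(headers.get("User-Agent", ""))),
        ("Transparent Proxy IP", proxy_ip),
    ]
    return "\n".join("<p>%s: %s</p>" % (label, value) for label, value in rows)


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_HEADERS))
    print(render_summary(SAMPLE_HEADERS, SAMPLE_PEER))
```

The same rule applies wherever these values end up: a header written to a file, template or log that is later interpreted by the server needs the encoding appropriate to that destination, not only to HTML.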
