lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon Apr 25 11:59:08 2005
From: gautam.bipin at gmail.com (Bipin Gautam)
Subject: Some Web-programmer flaw 'may' result in
	codeexecution in server side!

On 4/25/05, Morning Wood <se_cur_ity@...mail.com> wrote:
> i used to have my UA set to a basic xss script...
> many sites are vulnerable to this.
> The most troubling is the fact that many web based reporting / log tools
> are in html format, thus rendering the UA injection in the browser of 

you should have let the world know earlier man... i've discovered this
for over few years...... letting you private tricks let-go will always
keep you creative.    Maybe this was almost lost somewhere in my
sleaves. Anyways, http://zone-h.org huh! I UNDERSTAND  ;D

---
Bipin Gautam
http://bipin.tk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ