lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE250SYNIPukg000017ba@hotmail.com> From: se_cur_ity at hotmail.com (morning_wood) Subject: Search Engine XSS both.. > Can you use this to DoS the server? consider that the server must process the requests.. i think it can be a DoS issue with enough length and quanity of the requests. >Can you use this to gain access to areas on the server otherwise not available? many servers assume a call to "/somefolder/somefile.ext" is a trusted internal call. where http://theserver/somefolder/somefile.ext morning_wood http://exploitlabs.com