| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8e5ffb560504241939468ea918@mail.gmail.com> Date: Mon Apr 25 03:39:29 2005 From: gautam.bipin at gmail.com (Bipin Gautam) Subject: Some Web-programmer flaw 'may' result in code execution in server side! These days, i've seen a trend in some so-called computer security related websites. They have a feature to show a summary about the user in some page in their website Like; ----- Real IP: User Agent: Transperent Proxy Ip: etc... --------- the problem lies when you supply a malicious user agent. a basic test could be, User Agent: <h1> Hello World! </h1> or some java script... better try PHP instead!!! regads, bipin http://bipin.tk --- Bipin Gautam http://bipin.tk
Powered by blists - more mailing lists