Re: [Full-disclosure] Some Web-programmer flaw 'may' result in codeexecution in server side!
From: Bipin Gautam (gautam.bipin_at_gmail.com)
Date: Mon, 25 Apr 2005 16:44:03 +0545 To: firstname.lastname@example.org
On 4/25/05, Morning Wood <email@example.com> wrote:
> i used to have my UA set to a basic xss script...
> many sites are vulnerable to this.
> The most troubling is the fact that many web based reporting / log tools
> are in html format, thus rendering the UA injection in the browser of
you should have let the world know earlier man... i've discovered this
for over few years...... letting you private tricks let-go will always
keep you creative. Maybe this was almost lost somewhere in my
sleaves. Anyways, http://zone-h.org huh! I UNDERSTAND ;D
--- Bipin Gautam http://bipin.tk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/