Vulnerability Development mailing list archives

Re: information being stored from cgi forms

From: crispin () WIREX COM (Crispin Cowan)
Date: Fri, 10 Mar 2000 18:18:59 +0000


Bob Johnson wrote:

Within the past couple of weeks I've noticed that when I answer questions on
any web based   form (questionnaire, application, etc.) on any web site - it
seems that each time I press the <ENTER> key or <TAB> key or use the down
arrow to go to the next field, it takes much longer to advance to the next
field than it used to.

It's almost like the data that I type in is being stored somewhere on the
hard disk before I can advance to the next field.


Do you have Javascript enabled?  It could be that the forms you are typing into
are actually being processed by a javascript applet that came with the form.
That would account for the latency and the disk activity.

Personally, I run with javascript disabled.  With way over 20 unique Javascript
security vulnerabilities announced in 1999, I consider browsing untrusted sites
with scripting enabled to be hazardous.  When I encounter a web site that
requires javascript for navigation (e.g. securityfocus.com ^W citysearch.com
:-) I give 'em a "Bronx Cheer" :-) and go elsewere.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
                  JOBS!  http://immunix.org/jobs.html

Current thread:

Re: NT 4.0 (Workstation) Logon Authentication Vulnerability, (continued)
- - - Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
    - Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
    - (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
    - Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)
    - Extending the FTP "ALG" vulnerability to any FTP client Mikael Olsson (Mar 10)
    - DoS in ArGoSoft FTP Server, Version 1.04 (1.0.4.4) for win* Knud Erik Hřjgaard (Feb 11)
    - Re: Extending the FTP "ALG" vulnerability to any FTP client Dug Song (Mar 11)
    - Security auditing of network infrastructure Martin M Samson (Mar 11)
    - information being stored from cgi forms Bob Johnson (Mar 10)
    - Re: information being stored from cgi forms Crispin Cowan (Mar 10)
- Re: spoofing the ethernet address Timothy J. Miller (Mar 13)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 14)
  - Re: spoofing the ethernet address John Flux (Mar 14)
  - Re: spoofing the ethernet address Juan M. Courcoul (Mar 15)
  - Linux Mandrake 6.1 PAM/userhelper exploit Paulo Ribeiro (Mar 16)
  - AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
    - Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
    - Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 15)
- Re: spoofing the ethernet address James A. Robbins (Mar 15)

(Thread continues...)