Full Disclosure mailing list archives
Re: Search Engine XSS
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 23 Jul 2003 11:34:53 -0700
both..
Can you use this to DoS the server?
consider that the server must process the requests.. i think it can be a DoS issue with enough length and quanity of the requests.
Can you use this to gain access to areas on the server otherwise not
available? many servers assume a call to "/somefolder/somefile.ext" is a trusted internal call. where http://theserver/somefolder/somefile.ext morning_wood http://exploitlabs.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Search Engine XSS morning_wood (Jul 23)
- Re: Search Engine XSS Liu Die Yu (Jul 23)
- Re: Search Engine XSS Shanphen Dawa (Jul 23)
- Re: Search Engine XSS northern snowfall (Jul 23)
- Re: Search Engine XSS morning_wood (Jul 23)
- Re: Search Engine XSS Shanphen Dawa (Jul 23)
- Re: Search Engine XSS Bill Pennington (Jul 23)
- Re: Search Engine XSS Sam Baskinger (Jul 23)
- Re: Search Engine XSS Sam Baskinger (Jul 23)
- <Possible follow-ups>
- Re: Search Engine XSS bobby manly (Jul 23)