Full Disclosure mailing list archives

Re: Search Engine XSS


From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 23 Jul 2003 11:34:53 -0700

both..

Can you use this to DoS the server?
 consider that the server must process the requests.. I think it can be a
DoS issue with enough length and quantity of the requests.

Can you use this to gain access to areas on the server otherwise not
available?

many servers assume a call to "/somefolder/somefile.ext" is a trusted
internal call.
where http://theserver/somefolder/somefile.ext

morning_wood
http://exploitlabs.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

