Full Disclosure mailing list archives
Re: Is OWASP vulnerable ??
From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Mar 2007 16:51:51 -0500
On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:
Given the syntax of this function, wgBreakFrames can only have one of two values: true or false. I'd be interested to see some POC that would show how you would exploit this.
The first thing to do is abuse the variable. In addition to true and false, try 3, 0 , -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you can force it to throw a syntax error that creates a 404 page or something that contains *other* input you control, especially if it finds its way to an eval().
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)