Full Disclosure mailing list archives
Re: Is OWASP vulnerable ??
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 10 Mar 2007 16:33:21 -0600
--On March 10, 2007 4:51:51 PM -0500 Valdis.Kletnieks () vt edu wrote:
On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:Given the syntax of this function, wgBreakFrames can only have one of two values: true or false. I'd be interested to see some POC that would show how you would exploit this.The first thing to do is abuse the variable.
How? You'd have to find some way to inject code into the javascript "stream". If you can inject code into the site, it won't be because that variable exists. It will be because something else isn't properly evaluating input.
In addition to true and
Even if this is true, all you would have then is an information disclosure that might lead to some other compromise path. But all the code is already available to the attacker, so he/she ought to be able to read the code and find the exploitable condition without doing all that extra work.false, try 3, 0 , -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you can force it to throw a syntax error that creates a 404 page or something that contains *other* input you control, especially if it finds its way to an eval().
Paul Schmehl (pauls () utdallas edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- <Possible follow-ups>
- Re: Is OWASP vulnerable ?? Steven M. Christey (Mar 12)