Full Disclosure mailing list archives
Re: Is OWASP vulnerable ??
From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Mar 2007 23:37:25 -0500
On Sat, 10 Mar 2007 16:33:21 CST, Paul Schmehl said:
In addition to true andfalse, try 3, 0 , -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you can force it to throw a syntax error that creates a 404 page or something that contains *other* input you control, especially if it finds its way to an eval().
Even if this is true, all you would have then is an information disclosure that might lead to some other compromise path. But all the code is already available to the attacker, so he/she ought to be able to read the code and find the exploitable condition without doing all that extra work.
Paul, if you find a way to get something to execute an eval() with data that you control, and all you can get out of that is an information disclosure, you *really* need to find a new line of work. Yeah, a 404 page controlled by the server might just be too chatty and give away info - but if you can control the input that creates the 404 page, it gets more interesting...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- <Possible follow-ups>
- Re: Is OWASP vulnerable ?? Steven M. Christey (Mar 12)