Vulnerability Development mailing list archives
Re: information being stored from cgi forms
From: crispin () WIREX COM (Crispin Cowan)
Date: Fri, 10 Mar 2000 18:18:59 +0000
Bob Johnson wrote:
Within the past couple of weeks I've noticed that when I answer questions on any web based form (questionnaire, application, etc.) on any web site - it seems that each time I press the <ENTER> key or <TAB> key or use the down arrow to go to the next field, it takes much longer to advance to the next field than it used to. It's almost like the data that I type in is being stored somewhere on the hard disk before I can advance to the next field.
Do you have Javascript enabled? It could be that the forms you are typing into are actually being processed by a javascript applet that came with the form. That would account for the latency and the disk activity.

Personally, I run with javascript disabled. With way over 20 unique Javascript security vulnerabilities announced in 1999, I consider browsing untrusted sites with scripting enabled to be hazardous. When I encounter a web site that requires javascript for navigation (e.g. securityfocus.com ^W citysearch.com :-) I give 'em a "Bronx Cheer" :-) and go elsewhere.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
JOBS! http://immunix.org/jobs.html