Basically this simply employs a HEAP of big tags and only requires a
single closing tag. Someone versions on view will die others require
something to activate rendering I assume this could be done via a
JavaScript.
Proof of concept
http://www.lexicon.net/mccann/t.html
Mozilla doesn't crash
Hi,
I'm looking at a web application I
built some time back and I found this line:
$sth = $dbh->prepare("insert into projects
values(null,\"$project\")");
I'm using Perl.
This works quite exploitable to me since $project comes directly from user
without any validation :)
The thing is
$sth = $dbh->prepare("insert into projects
values(null,\"$project\")");
$project = qq!); delete from any_table where value in(!;
executes:
insert into projects values(null, ); delete from any_table where value
in();
___
Full-Disclosure - We believe in
Because the guy was doing something with computers,
all rational thought got turned off
-Larry Lessig, Stanford Cyber-law expert
Despite computers being ubiquitous in this day and age,
there is still a stigma, IMHO, of being a computer
professional. In a courtroom, I fear that the more
On Sat, 2003-10-18 at 09:18, Jonathan A. Zdziarski wrote:
$sth = $dbh->prepare("insert into projects
values(null,\"$project\")");
$project = qq!); delete from any_table where value in(!;
executes:
insert into projects values(null, ); delete from any_table where value
in();
IIRC, using
Paulo == Paulo Pereira [EMAIL PROTECTED] writes:
Paulo> $sth = $dbh->prepare("insert into projects values(null,\"$project\")");
This clearly should have been:
my $sth = $dbh->prepare("insert into projects values(null, ?)");
$sth->execute($project);
which will Do The Right Thing.
Placeholders,
I have no personal information on NASA but would expect it works like any
large enterprise company or other government organization which I do have
experience with. You tend to have a few really good folks and a bunch of
so-so folks and some really bad folks. The bigger the organization the easier
Tested on Opera 7.11/Linux 2.4.21 and 7.21/Linux 2.4.21.
Neither exhibited any signs of DoS.
tim
On Sat, Oct 18, 2003 at 02:29:13PM +1000, John wrote:
Basically this simply employs a HEAP of big tags and only requires a
single closing tag. Someone versions on view will die others require
Some personal firewalls on Windows are using checksums for every application
trying to access network device. Yesterday I've upgraded mirc and have got a
warning about this. iptables, unfortunately, doesn't provide such a
functionality out of the box. Luckily, it has an open API and extends well
On Fri, 2003-10-17 at 22:44, jkm wrote:
Quote 2:
ATT saw anomalies in its network three to four weeks before that worm
hit and was able to take certain precautions. When the worm actually
happened, ATT's network did not take a hit,'' Eslambolchi said.
Doesn't it seem like they're trying to
On Fri, 17 Oct 2003 21:13:51 PDT, Randal L. Schwartz said:
Please, please, PLEASE use the code I posted here.
Unless you think you know Perl better than Randal does. On the other hand, you
might want to look at http://www.geekcode.com/geek.html and ponder what P+
means. Or just take a
On Fri, 17 Oct 2003 10:24:59 CDT, Schmehl, Paul L said:
No offense meant to the fine IT people at NASA, but do you seriously
believe that the one-percenters are securing the network? As opposed to
say, figuring out how to land a rover on Mars, how to keep astronauts
alive in space, how to
If the IT people are busy figuring out how to land a rover etc, then:
They may not be landing the rover, but they're most definitely
responsible for the systems infrastructure that allows them to
communicate via the command center.. obviously these are going to be
different people than the ones
--- Hoho [EMAIL PROTECTED] wrote:
On Fri, 2003-10-17 at 22:44, jkm wrote:
Quote 2:
ATT saw anomalies in its network three to four
weeks before that worm
hit and was able to take certain precautions.
When the worm actually
happened, ATT's network did not take a hit,''
Eslambolchi said.
What if people developing worms do small test runs
before the final release?
The ATT approach might not work if the developer
was testing it on a private network, but if they
used a small collection of zombies on the internet
to test it out and see how well it works,
conceivably it could be
--- Steve Wray [EMAIL PROTECTED] wrote:
What if people developing worms do small test runs
before the final release?
The ATT approach might not work if the developer
was testing it on a private network, but if they
used a small collection of zombies on the internet
to test it out and see
heh..
On Sat, Oct 18, 2003 at 07:16:13AM -0700, Randal L. Schwartz wrote:
Paulo == Paulo Pereira [EMAIL PROTECTED] writes:
Paulo> $sth = $dbh->prepare("insert into projects values(null,\"$project\")");
This clearly should have been:
my $sth = $dbh->prepare("insert into projects values(null,
Mod_security 1.7 has been released. It is immediately available for
download from:
http://www.modsecurity.org/download/
This release contains major new functionality, see changes below for
more details.
About mod_security
--
Mod_security is an Apache module whose purpose is to
one way of doing it:
$query = sprintf("insert into projects values(null,%s)", $dbh->quote($project));
$sth = $dbh->prepare($query);
-cdx
- Original Message -
From: Paulo Pereira
To: [EMAIL PROTECTED]
Sent: Saturday, October 18, 2003 1:28 PM
Subject: [Full-Disclosure] Question: is this
am 18.10.2003 6:29 Uhr schrieb John unter [EMAIL PROTECTED]:
Basically this simply employs a HEAP of big tags and only requires a
single closing tag. Someone versions on view will die others require
something to activate rendering I assume this could be done via a
JavaScript.
Proof of
Has no effect on IE6.0 on Win2k SP4 with no IE
patches.
--
S.G.Masood
Hyderabad,
India.
--- Thomas Rogg [EMAIL PROTECTED] wrote:
am 18.10.2003 6:29 Uhr schrieb John unter
[EMAIL PROTECTED]:
Basically this simply employs a HEAP of big tags
and only requires a
single closing tag.
I compiled the PoC DOS with one small change so that it would accept IP
addresses from the command line instead of recompiling per test. I ran
the dos several times per OS, here are the results I got (none of the
test systems have the KB828035 hotfix applied.)
Windows 2000 Advanced Server
I don't believe this is a true statement.
Perldoc on the quote function:
quote
$sql = $dbh->quote($value);
$sql = $dbh->quote($value, $data_type);
Quote a string literal for use as a literal value in an SQL
statement, by escaping any special
On Sat, 18 Oct 2003, S G Masood wrote:
IMHO, testing on a private network is always
preferable for highly accurate predictions.
My guess is that the msblast worm's author did do testing on a private
network. I wrote a simulation of msblast that placed susceptible hosts
in bands in a 16-bit
Escaping quote characters might work OK in MySQL, but it is at best
only a database-dependent solution.
Nobody said anything about simply quoting a string, if you read the
description I posted of quote, it does more than that. The function
that we are talking about IS part of DBI, not some
--On Saturday, October 18, 2003 1:50 PM -0400 [EMAIL PROTECTED] wrote:
On Fri, 17 Oct 2003 10:24:59 CDT, Schmehl, Paul L said:
No offense meant to the fine IT people at NASA, but do you seriously
believe that the one-percenters are securing the network? As opposed to
say, figuring out how to