|
Hey all,
I think there is a small security threat in the ASP stats code.
When reading through the code i didnt see any checking/cleaning of the pid data,
this could be exploited by an attacker to gain access to your data base
and if u were using the same...
Started by nos on
, 15 posts
by 3 people.
Answer Snippets (Read the full thread at buddabudda):
The PID's, then any SQL code "injected" in it's place would simpy be an invalid value, create further, but from memory, the way we treat all things like the PID's, then any SQL code "injected stats list then
inset a new pid field with sql....
|
|
This is extremely simple;
Code: [IMG]YOUR REDGAGE LINK[/IMG]
Example (Remove the space...);
Code: [ IMG]http://www.redgage.com/photos/mrhappy/a-new-perspective.html[/IMG]
Let the spamming begin?
P.S. If I had subscriber this would be private ;P
Started by MrHappy on
, 20 posts
by 16 people.
Answer Snippets (Read the full thread at thebotnet):
Rasputin has a long job ahead of him.
Loader This exploit works for a long list of sites.
Rasputin has a long job ahead of him blocking them soon .
This exploit works for a long list of sites.
Related shopping results:
|
|
How are buffer overflows used to exploit computers?
How is one able to execute arbitrary code simply by causing stack or heap overflows?
I understand that portions of the programs memory are overwritten that aren't supposed to be, but I don't see how ...
Started by Simucal on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Heap overflows....
That's for buffer overflows.
Edit: You the CPU to jump to a particular memory location, the one where y ou put your own code.
An error case in bad code that can't be exploited for anything outside of a crash (DoS).
|
Ask your Facebook Friends
|
According to the Internet Storm Center, there seems to be a SSH 0-day exploit out there.
There is some proof of concept code in here and some reference:
http://secer.org/hacktools/0day-openssh-remote-exploit.html http://isc.sans.org/diary.html?storyid...
Started by sucuri on
, 10 posts
by 9 people.
Answer Snippets (Read the full thread at serverfault):
P tcp --dport 22 -j DROP
According so the SANS post, this exploit does not work against current.
|
|
On a page from a website (one of ours) I can enter in the url the following code:
javascript:createNewWindow('Something', 100, 100, 'Text')
Is there a way someone can exploit this?
function createNewWindow(url, widthIn, heightIn, title) { var strOptions...
Started by osp70 on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
If your comment about adding the code means that you were able understand the risks of that code....
Given that code, the createNewWindow() script isn't any more vulnerable than the raw javascript don't need to be concerned about that.
|
|
I'm pretty green still when it comes to web programming, I've spent most of my time on client applications. So I'm curious about the common exploits I should fear/test for in my site.
Started by Brian Leahy on
, 14 posts
by 14 people.
Answer Snippets (Read the full thread at stackoverflow):
Be looking after involve code injection into your application, so XSS (Cross Site Scripting) and SQL sure that if your application allows for a user to inject any code whatsoever, it's regulated Execution Code vulnerable to remote....
|
|
Ok, I did some testing and figured this way is alot better because it doesn't require the game to be active (can be minimized or w/e) so you can play other games or do this collection on multiple accounts at once.
How this works:
It tricks the client ...
Answer Snippets (Read the full thread at taultunleashed):
Impossible to exploit clientside :p
Last edited by evilfigment on 11 Aug 2008, 13:54.
To the server.
|
|
Our IT services firm is proposing a network reconfiguration to use the IP range 10.10.150.1 – 10.10.150.254 internally as they state the current IP scheme using manufacturer defaults of 192.168.1.x is "making it to easy to exploit".
Is this true? How ...
Started by Michael Glenn on
, 17 posts
by 17 people.
Answer Snippets (Read the full thread at serverfault):
The days of hard-coded viruses....
Any exploit worth its weight will be using all three private subnet ranges isn't covered...
My guess would be that some drive-by router exploit scripts are hardcoded to go looking not think this is likely.
|
|
I need a way in Perl to strip naughty things, such as XSS, image interjection, and the works.
I found HTML::StripScripts but it hasn't updated in close to two years, and I'm not up to date with all the new exploits.
Is it safe?
What other markups languages...
Started by Timmy on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
It is safer to white.
It is better to not try to strip (Blacklisting) certain things .
code/site safe.
|
|
Today online security is a very important factor. Many businesses are completely based online, and there is tons of sensitive data available to check out only by using your web browser.
Seeking knowledge to secure my own applications Ive found that Im...
Started by ChrisAD on
, 9 posts
by 9 people.
Answer Snippets (Read the full thread at stackoverflow):
I once found an exploit in....
Some people would advise you to exploit, because as you mentioned, some places it would be illegal to even verify the exploit, and some.
They don't trust or don't believe the source.
Unsolicited advice.
|
