Search Engine Xss

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

GSecur

Jul 27 2003, 01:13 AM

both..

> Can you use this to DoS the server?
consider that the server must process the requests.. i think it can be a DoS issue with enough length and quanity of the requests.

>Can you use this to gain access to areas on the server otherwise not
available?

many servers assume a call to "/somefolder/somefile.ext" is a trusted internal call. where http://theserver/somefolder/somefile.ext

morning_wood
http://exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.