How to avoid escape sequence attacks in terminals?
Reading the details of CVE-2009-4487 (which is about the danger of escape sequences in log files) I am a bit surprised. To quote CVE-2009-4487: nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence
Apache - httpOnly Cookie Disclosure
The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, develo
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
http://www.secforce.com/media/tools/apache_proxy_scanner.py.txt
CVE-2011-3368 PoC - Apache Proxy Scanner
nibblesec/ui_redressing_mayhem/paypal at master · daath1/nibblesec · GitHub
UI Redressing Mayhem: PayPal 0day vulnerability
Script to take advantage of CVE-2012-0053
78556: Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
UI Redressing Mayhem: HttpOnly bypass PayPwn style
{{#tags}}- {{label}}
{{/tags}}