>Date: Wed, 11 Jul 2001 14:57:10 -0400
>From: Chad Gray <[EMAIL PROTECTED]>
>Subject: RE: URL Hacks - Solution
>I added the following things to your script to check for:
>exec%xp_cmdshell
>exec+xp_cmdshell
>exec xp_cmdshell
><script>
Shouldn't it be exec%20xp_cmdshell not exec%xp_cmdshell ?
Anyway, Thanks. I've added those to the main script. It's now available.
Just to cover bases, I've also added %3Cscript%3E, for the rare occasions,
although this might just be me being paranoid. Can't think of any occasion
where this would cause problems.
I've tested this script against a large form list with multiple cookies to a
url.variable page, and it handled it all quite quickly. I was surprised.
>VB scripts are another area to look into.
Now we're going way out of my league. Cold fusion is my best language, and I
still have lots to learn about that. Again, I need everyone's help. If
anyone knows any other dangerous scripting that my antihack program could
work against, please send me the scripting (in a non-executing format, of
course)
Thanks everyone.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
