Slythers Bro wrote:
<?php
// Quoted test script: DB credentials as plain string literals, and the
// decoded GET parameter echoed straight back to the client.
$host = "127.0.0.1";
$user = "sqluser";
$pass = "sqlpass";
$foobar = html_entity_decode($_GET['foo']);
echo $foobar;
?>
The situation is worse. I was able to see:
1. The source code itself (may expose bugs in the software).
2. Data from other threads. For example, on a busy web server I see pieces
of HTML other users are seeing. Think of what happens if they are reading their private
e-mails or using internet banking.
What is good for the attacker: this exploit does not crash the server. Just
"reload" and more data comes. So try it on a production server and you will
see how dangerous it might be. At least so far we have had no crashing
problems with it.
Tõnu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
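Added example, not part of the post above or of any PHP project code: a small triage harness for the kind of memory disclosure Tõnu describes, where every reload of the vulnerable script echoes a different slice of process memory after the decoded parameter. It scans response bodies for the indicators the post reports (the script's own source with its credentials, HTML and request data belonging to other clients) and unions them across many reloads, which is the point of "reload and more data comes". The target URL, parameter name and payload are assumptions (the post does not give the trigger), and the three sample responses are constructed.

```python
# Added example (not from the original post): triage harness for a
# memory-disclosure bug where each reload echoes a different slice of heap
# after the decoded parameter. Target URL/param/payload are assumptions;
# SAMPLE_RESPONSES are constructed stand-ins for three reloads.
import re
import sys
import urllib.parse
import urllib.request
from typing import Dict, Iterable, List, Set

# Indicators matching what the post reports seeing in the leaked data.
LEAK_PATTERNS = {
    "php_source": re.compile(r"<\?php.*?(?:\?>|$)", re.S),
    "php_credential": re.compile(
        r"\$(?:password|pass|user|host|dsn)\s*=\s*['\"][^'\"]*['\"]", re.I),
    "http_header": re.compile(
        r"(?:Set-Cookie|Cookie|Authorization|Host):\s*[^\r\n]+", re.I),
    "html_fragment": re.compile(r"<(?:html|body|form|table|input)\b[^>]*>", re.I),
}


def extract_fragments(body: str) -> Dict[str, List[str]]:
    """Return every leak indicator found in one response body, keyed by type."""
    found: Dict[str, List[str]] = {}
    for name, pattern in LEAK_PATTERNS.items():
        hits = [m.group(0).strip() for m in pattern.finditer(body)]
        if hits:
            found[name] = hits
    return found


def accumulate(responses: Iterable[str]) -> Dict[str, Set[str]]:
    """Union of indicators over many reloads.

    Each reload returns a different slice of memory, so the useful result is
    the set of distinct fragments collected across requests, not one response.
    """
    seen: Dict[str, Set[str]] = {}
    for body in responses:
        for name, hits in extract_fragments(body).items():
            seen.setdefault(name, set()).update(hits)
    return seen


def fetch_once(base_url: str, param: str, payload: str, timeout: float = 10.0) -> str:
    """One GET of the vulnerable script (hypothetical target; needs network)."""
    url = base_url + "?" + urllib.parse.urlencode({param: payload})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        # Leaked memory is not valid UTF-8; latin-1 preserves every byte.
        return resp.read().decode("latin-1")


# Constructed sample responses standing in for three reloads. In each, the
# echoed decoded parameter ("AAAA") is followed by a different memory slice.
SAMPLE_RESPONSES = [
    'AAAA\x00\x00<?php\n$host = "127.0.0.1";\n$user = "sqluser";\n$pass = "sqlpass";\n',
    "AAAA<html><body>Welcome back, alice. Balance: 1,204.17</body></html>",
    "AAAACookie: PHPSESSID=0123456789abcdef\r\nHost: bank.example\r\n",
]


def run_on_samples() -> Dict[str, Set[str]]:
    """Run the accumulator over the constructed reloads."""
    return accumulate(SAMPLE_RESPONSES)


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: leaktriage.py http://target/vuln.php foo '<payload>'  (hypothetical)
        base, param, payload = sys.argv[1:4]
        bodies = (fetch_once(base, param, payload) for _ in range(20))
    else:
        bodies = SAMPLE_RESPONSES
    for kind, fragments in sorted(accumulate(bodies).items()):
        print(f"[{kind}] {len(fragments)} distinct fragment(s)")
        for frag in sorted(fragments):
            print("   ", frag.replace("\n", "\\n")[:120])
```

Run without arguments it works only on the constructed samples; with a URL, parameter name and payload it performs twenty reloads and reports the distinct fragments seen, which is the quickest way to confirm on a test host that the output really is changing per request rather than being a fixed echo. Treat a single hit on `php_credential` or `http_header` as sufficient to stop and patch; there is no reason to keep pulling other users' data once the leak is confirmed.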