Hi. I am not a Flash expert, but you can find many interesting things about Flash and playing with HTTP headers. For instance, the case of the Expect XSS vulnerability. I don't know any way to exploit it, but if I don't know one, it doesn't mean there isn't one :)
Regards
Michal.
On 4/24/07, InSiStKool <[EMAIL PROTECTED]> wrote:
> Hi Michael,
> This is interesting. I am able to see the output after injecting the XSS
> statement, but I don't see how it is possible to be used. Further,
> GET<script>alert(document.cookie);</script> /test.php HTTP/1.0
> I only know we can use nc or telnet to execute the above statement; how can
> you execute it with a browser like FF or IE?
>
> You mentioned "some flash might help", can you give me an example?
>
> Thanks
> insistkool
>
>
> On 4/23/07, Michal Majchrowicz <[EMAIL PROTECTED]> wrote:
> >
> > There exists a flaw in the way the Apache and PHP combination handles the
> > $_SERVER array.
> > If the programmer writes a script like this:
> > <?php
> > echo $_SERVER['REQUEST_METHOD'];
> > ?>
> > He will assume that REQUEST_METHOD can only be GET, POST, OPTIONS, TRACE
> > and all that stuff. However, this is not true, since Apache accepts
> > requests that look like this:
> > GET<script>alert(document.cookie);</script> /test.php HTTP/1.0
> > And the output for this would be:
> > GET<script>alert(document.cookie);</script>
> > Of course it is hard to exploit (I think some Flash might help ;)) and
> > I don't know if it is exploitable at all. But programmers should be
> > warned about this behaviour. You can't trust any variable in the
> > $_SERVER table!
> > Regards Michal Majchrowicz.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
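The behaviour discussed in the thread, as an added example that is not part of any of the posts above: the one-line script from Michal's message is shown as the vulnerable case, next to a hardened version that allowlists the method and escapes anything it reflects. The constant and function names are my own, and the constructed $_SERVER array at the bottom (assumed to be run with the PHP CLI) stands in for the request line a tester would otherwise send with nc or telnet.

```php
<?php
// Added example, not from the original thread.
// Shows why $_SERVER['REQUEST_METHOD'] must be treated as attacker input.
//
// Raw request a tester sends with nc/telnet (taken from the thread):
//   GET<script>alert(document.cookie);</script> /test.php HTTP/1.0
// An Apache build that accepts that request line hands the whole token,
// unchanged, to PHP as $_SERVER['REQUEST_METHOD'].

// Vulnerable: the script from the thread, reflecting the method unescaped.
function vulnerable_echo(array $server): string
{
    return $server['REQUEST_METHOD'];
}

// Hardened, step 1: only accept the methods the application actually handles.
// Name and contents of this allowlist are my assumption, not from the post.
const ALLOWED_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'OPTIONS'];

function method_is_allowed(array $server): bool
{
    // Strict comparison: no type juggling, exact match against the allowlist.
    return in_array($server['REQUEST_METHOD'] ?? '', ALLOWED_METHODS, true);
}

function safe_method(array $server): string
{
    if (!method_is_allowed($server)) {
        http_response_code(405);
        header('Allow: ' . implode(', ', ALLOWED_METHODS));
        exit('Method not allowed');
    }
    return $server['REQUEST_METHOD'];
}

// Hardened, step 2: escape before output even though the value is allowlisted
// (defence in depth; the same rule applies to every other $_SERVER entry).
function safe_echo(array $server): string
{
    return htmlspecialchars(safe_method($server), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CLI demonstration with a constructed $_SERVER array (assumption: `php -f`).
if (PHP_SAPI === 'cli') {
    $fake = ['REQUEST_METHOD' => 'GET<script>alert(document.cookie);</script>'];

    // Unescaped reflection: the payload reaches the response body verbatim.
    echo "vulnerable:  ", vulnerable_echo($fake), "\n";

    // Escaped: '<' and '>' become entities, so a browser renders text only.
    echo "escaped:     ", htmlspecialchars($fake['REQUEST_METHOD'], ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";

    // Allowlist check: the forged method is rejected before it is ever echoed.
    echo "allowlisted: ", method_is_allowed($fake) ? 'accepted' : 'rejected', "\n";
}
```

Two caveats a tester should keep in mind. First, the characters in the payload (`<`, `>`, `(`, `)`, `;`) are not valid HTTP token characters, so whether the request line is accepted at all depends on the server build; newer Apache releases with strict request-line parsing enabled (the HttpProtocolOptions Strict setting) reject it with a 400 before PHP sees it, and in that case the escaping and allowlist above are the second and third layers rather than the first. Second, the escaping fixes the reflection, not the trust problem: any other $_SERVER entry that is echoed (HTTP_HOST, REQUEST_URI, HTTP_USER_AGENT, and the rest) needs the same treatment, which is the point of the thread.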
