Examples include just about anything that reads data. There have been XSS issues with log monitoring software where log data is not sanitised before being parsed and displayed. PTK, a web frontend for The Sleuth Kit, had an arbitrary command execution vulnerability when reading a maliciously crafted file name on a disk image.

Jim

2009/6/4 Adrian Crenshaw <[email protected]>

> We are all familiar with XSS via a form field in a web application, but
> what about other vectors? The article talks about using User Agent strings,
> even logs, object properties and other odd alternative vectors for XSS, SQL
> and command injection.
>
> http://www.irongeek.com/i.php?page=security/xss-sql-and-command-inject-vectors
>
> What other vectors can you think of? Any real world examples?
>
> Adrian
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
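
The log-viewer case raised in the reply above, shown as an added example that is not part of the original thread: a small web log viewer that renders access-log fields into an HTML table, with the unescaped renderer beside the output-encoding one. The Apache "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample lines in Apache "combined" format; the second carries
# markup in the User-Agent field, which the client fully controls.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jun/2009:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [04/Jun/2009:10:00:05 +0000] "GET /a HTTP/1.1" 404 0 "-" "<script>alert(1)</script>"',
]

COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
FIELDS = ("ip", "ts", "req", "status", "ua")


def parse(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def render_row_unsafe(rec):
    # The flaw: log fields are pasted into the page as if they were trusted markup.
    return "<tr>" + "".join(f"<td>{rec[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_safe(rec):
    # Encode on output: every field is untrusted text by the time it is displayed.
    cells = (f"<td>{html.escape(rec[f], quote=True)}</td>" for f in FIELDS)
    return "<tr>" + "".join(cells) + "</tr>"


def render_table(lines, row=render_row_safe):
    rows = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            # Unparseable lines are still client-influenced; escape them too.
            rows.append(f'<tr><td colspan="{len(FIELDS)}">{html.escape(line)}</td></tr>')
        else:
            rows.append(row(rec))
    return "<table>\n" + "\n".join(rows) + "\n</table>"


if __name__ == "__main__":
    print(render_table(SAMPLE_LOG))
```

The same rule applies to any reader of stored data, such as the file names on a disk image: encode or quote for the context the value is about to enter (HTML, SQL, a shell command) at the point of use.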
