Shell Programming and Scripting: php http exploit method - pbsync hack question
Post 302239878 by era on Wednesday 24th of September 2008 03:34:21 PM
That's a cross-site scripting vulnerability at its finest. Are you asking how to prevent this on a design level? Never trust user-supplied data.

It's not clear what values for p you want to continue to allow, but the basic principle should be "deny everything except a well-known set" and so a simple implementation would be to default to accueil.html unless p is one from a small set of other pages you want to allow. (A simple but, on the face of it, reasonably safe generalization would be to only allow values for p which do not contain any slash, encoded or otherwise. But "encoded or otherwise" can constitute a large security hole, too. Are you sure you know all the ways a slash could end up as the result of URL parsing?)
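The "deny everything except a well-known set" approach era describes, as an added PHP example (not code from the thread or from the original poster): `p` can only select one entry of a fixed table and anything else falls back to accueil.html. The page names other than accueil.html, the `pages` directory and the `readfile` usage are assumptions.

```php
<?php
// Added example for this thread, not code from the original poster or from era.
// Assumed: the script picked a page to serve from $_GET['p'] (the parameter
// named in the thread); the page names other than accueil.html are made up.

const DEFAULT_PAGE = 'accueil.html';

// Allow-list: the complete set of pages p may select. Keys are compared as
// whole strings, so nothing the client sends is ever interpreted as a path.
const ALLOWED_PAGES = [
    'accueil.html'  => true,
    'contact.html'  => true,
    'produits.html' => true,
];

/**
 * Deny everything except a well-known set: return the requested page name
 * only if it is exactly one of ALLOWED_PAGES, otherwise the default.
 * No type hint on $p: $_GET['p'] may be absent, a string, or an array
 * (p[]=...), and all non-matching shapes must fall back to the default.
 */
function resolve_page($p): string
{
    if (!is_string($p) || !isset(ALLOWED_PAGES[$p])) {
        return DEFAULT_PAGE;
    }
    return $p;
}

/**
 * Build the filesystem path from the resolved name and a fixed directory.
 * Because resolve_page() only returns constants, no decoding, slash
 * stripping or ".." checking of the user value is needed at all, which is
 * exactly the class of filter era warns is hard to get complete.
 */
function page_path($p, string $pagesDir): string
{
    return rtrim($pagesDir, '/') . '/' . resolve_page($p);
}

// Constructed sample inputs: only exact table entries are honoured.
$samples = ['contact.html', 'produits.html', '', 'Contact.html', 'x/y.html', ['a'], null];
foreach ($samples as $p) {
    printf("%-16s -> %s\n", var_export($p, true), page_path($p, '/var/www/pages'));
}

// Assumed real use in the script:
// readfile(page_path($_GET['p'] ?? null, __DIR__ . '/pages'));
```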
 

filezilla(1)                     FileZilla Manual                     filezilla(1)

NAME
       FileZilla - FTP client

SYNOPSIS
       filezilla
       filezilla [-l <logontype>] <FTP URL>
       filezilla -h|-s|-v
       filezilla -c <site>

DESCRIPTION
       FileZilla is a powerful client for plain FTP, FTP over SSL/TLS (FTPS)
       and the SSH File Transfer Protocol (SFTP).

OPTIONS
       -c <site>, --site <site>
              Connect to the given site from the Site Manager. The site has to
              be given as a complete path, with a slash as the separation
              character. Any slash or backslash that is part of a segment has
              to be escaped with a backslash. The path has to be prefixed with
              0 for user-defined entries or 1 for default entries. The site
              path may not contain double quotation marks.

              Example: filezilla -c 0/foo/bar/sl\/ash connects to the user
              site sl/ash in the site directory foo/bar.

              May not be used together with -s nor with a URL parameter.

       -h, --help
              Displays a help dialog listing these command-line options.

       -l <logontype>, --logontype <logontype>
              Set a special logontype; can only be used in combination with an
              FTP URL as argument. The logontype has to be either ask or
              interactive. If -l isn't given, the normal logontype is used.

       -s, --sitemanager
              Start with the Site Manager opened. May not be used together
              with -c nor with a URL parameter.

       -v, --version
              Display the version number of FileZilla.

ENVIRONMENT
       The FZ_DATADIR environment variable can be used to specify the
       directory containing FileZilla's data files.

SUPPORT
       Please visit http://filezilla-project.org/ for further information.
       Report bugs only if you are using the latest version available from
       the FileZilla website.

COPYRIGHT
       Copyright (C) 2004-2010 Tim Kosse
       FileZilla is distributed under the terms of the GNU General Public
       License version 2 or later.

SEE ALSO
       fzdefaults.xml(5)

                                  April 2008                         filezilla(1)