mapfortu's Journal: 130222 (0xdeadbuffer)
130222. System notice.
Senor Pedro Marco Agapito Jose Juan Martinez
HomelessinLaJolla
Revenerable Foo' Moe-D
Senor Pedro recommends a security notice to address a data buffer noticed by HiLJ.
Demonstration:
Highlight and copy "death I'm free" from http://cyberhymnal.org/htm/w/h/a/whatwond.htm
Paste the selection into a Slashdot edit box set for "Plain Old Text"
Preview. Notice the metacharacters.
Paste the selection into a pastebin set for "NONE" formatting. http://pastebin.com/BfnkgvL8
Submit. Notice no metacharacters.
Highlight and copy "death I'm free" on the displayed pastebin.
Paste the selection into a Slashdot edit box set for "Plain Old Text"
Preview. Notice the metacharacters.
Sanitization:
Paste the selection into MS-Word using paste special unformatted text.
Highlight and copy the sanitized "death I'm free"
Paste the selection into a Slashdot edit box set for "Plain Old Text"
Preview. No more metacharacters.
There are exploitable wrapper bits (parity bits, stop bits, null bits; they have had innumerable names over the years) in the whitespace. Researchers in the Stronghold may begin fitting this into comprehensive (e.g. Metasploit) building blocks. Sanitize your HTML habits accordingly.
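The demonstration and sanitization steps above can be reproduced in script form. This is an added example, not part of the original journal entry: it lists every character in a pasted string that is not plain ASCII, shows how such characters render when UTF-8 bytes are read as Windows-1252, and reduces the string to plain ASCII. It assumes the "metacharacters" are non-ASCII characters carried along in the clipboard; the sample string is constructed and the function names are hypothetical.

```python
import unicodedata

# Constructed sample (assumed, not captured from the pages in the post):
# no-break space U+00A0, typographic apostrophe U+2019, zero-width space U+200B.
SAMPLE = "death\u00a0I\u2019m\u200b free"

# Typographic punctuation with an obvious plain-ASCII equivalent.
ASCII_MAP = {"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"',
             "\u2013": "-", "\u2014": "-", "\u2026": "..."}

def is_plain(ch):
    """Printable ASCII, tab or newline."""
    return ch in "\t\n" or " " <= ch <= "~"

def audit(text):
    """List (index, code point, category, name) for every non-plain character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.category(ch),
             unicodedata.name(ch, "<unnamed>"))
            for i, ch in enumerate(text) if not is_plain(ch)]

def sanitize(text):
    """Reduce text to plain ASCII."""
    out = []
    for ch in text:
        cat = unicodedata.category(ch)
        if is_plain(ch):
            out.append(ch)
        elif ch in ASCII_MAP:
            out.append(ASCII_MAP[ch])
        elif cat == "Zs":            # exotic spaces become a normal space
            out.append(" ")
        elif cat.startswith("C"):    # control and zero-width format characters
            continue
        else:                        # fold accents, mark what cannot be folded
            folded = unicodedata.normalize("NFKD", ch).encode("ascii", "ignore")
            out.append(folded.decode("ascii") or "?")
    return "".join(out)

def as_misdecoded(text):
    """Show text as it renders when its UTF-8 bytes are read as Windows-1252."""
    return text.encode("utf-8").decode("cp1252", errors="replace")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(repr(as_misdecoded(SAMPLE)))
    print(repr(sanitize(SAMPLE)))
```

Running `audit` on text before it is submitted to a form shows exactly which code points would survive a copy and paste between pages.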