Mono System.Web Module HTTP Header Injection Vulnerability
  Add date: 10/10/2008   Publishing date: 10/10/2008

Release date: 2008-08-20
Update date: 2008-08-29

Affected systems:
Mono Mono 2.0
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30867

Mono is an open-source development platform based on the .NET framework that allows developers to build Linux and cross-platform applications.

The Mono System.Web module does not correctly filter certain parameters before using them in HTTP responses. By submitting a malicious HTTP request, a remote attacker can inject arbitrary HTML and script code, which is then executed in the user's browser session.

<* origin: Juraj Skripsky (juraj@hotfeet.ch)
 
  Link: http://secunia.com/advisories/31643/
        https://bugzilla.novell.com/show_bug.cgi?format=multiple&id=418620
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use it at your own risk!

<script runat="server">
void Page_Load (object o, EventArgs e) {
    // Query parameter text is not checked before saving in user cookie
    NameValueCollection request = Request.QueryString;

    // Adding cookies to the response
    Response.Cookies["userName"].Value = request["text"];
}
</script>

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Mono
----
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

http://www.mono-project.com/
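
Independently of the vendor patch, the application can check the value itself before it reaches the response header. The following is an added example, not code from the original advisory or from the Mono project; the class CookieValueGuard and its methods are hypothetical names, and the sample inputs are constructed.

```csharp
using System;

// Hypothetical helper for illustration; not part of Mono or ASP.NET.
public static class CookieValueGuard
{
    // True when the value contains CR, LF, NUL or any other control character,
    // i.e. anything that could end the header line and start a new one.
    public static bool HasControlChars(string value)
    {
        if (value == null) return false;
        foreach (char c in value)
            if (char.IsControl(c)) return true;
        return false;
    }

    // Returns a value that is safe to assign to Response.Cookies[...].Value.
    // Control characters are rejected outright; everything else is
    // percent-encoded so ';', ',', '=' and spaces cannot alter the cookie.
    public static string Sanitize(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        if (HasControlChars(value))
            throw new ArgumentException("control character in cookie value");
        return Uri.EscapeDataString(value);
    }

    // In the page above, the assignment would become:
    //   Response.Cookies["userName"].Value =
    //       CookieValueGuard.Sanitize(Request.QueryString["text"]);
    public static void Main()
    {
        // Constructed sample inputs, as they would arrive in ?text=...
        string[] samples = {
            "alice",
            "bob smith; path=/",
            "carol\r\nX-Constructed-Header: 1"
        };
        foreach (string s in samples)
        {
            try { Console.WriteLine("accepted: " + Sanitize(s)); }
            catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
        }
    }
}
```

Code that later reads the cookie has to call Uri.UnescapeDataString on the stored value to recover the original text.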
 


