Full disclosure

IT Security and Insecurity Portal

What is output? "Content-Disposition:attachment"-type forced download?
Yes.
What is input? Plaintext?
It's the information from a registration form.

I made a PHP script that dynamically creates Microsoft Word .doc files. Can inserting user input into a .doc file be exploited? Is there anything I need to filter?

Well, 9 characters alpha is possible, but 9 characters alphanumeric takes over a year... and 10 characters alphanumeric takes over 25 years... 11 characters alphanumeric takes over 800 years. milw0rm's ...

Right now, MD5s > 8 characters are impossible to brute force. Brute forcing 9 characters alphanumeric takes a year and 10 characters alphanumeric takes 25 years. And rainbow tables can only do up t ...