Penetration Testing
(Page 18 of 635)
Oracle Pentest 2011-01-01
maash rajani gmail com
I found an injection point during a pentest project.

They are running an Oracle DBMS.

Simply trying ' OR '1'='1' returned one single result. In trying to find the number of queries returned by the column I used:

' OR '1'='1' ORDER BY n--

Anything above 7 in the Order by query generates an er

Stored XSS @ amazon with a book 2010-12-17
Dirk Wetter (spam drwetter org)

Hi,

there's in some sense a remarkable flaw in Amazon's web shop (tested on
.de, co.uk, .com).

It's a stored XSS vulnerability which can be exploited with a web
application security book. No kidding! It's easily reproducible:

1) Go to Amazon.TLD (for TLD see above, I guess every domain should w

spider web scanner 2010-12-17
modversion (modversion gmail com) (3 replies)
Hi list:
Could anybody suggest a web scanner with the following functions:
1. It can import many domains and subdomains for scanning.
2. Acting as a spider, it can find subdomains and directories.
3. Supports custom URL checks which can work with the spidered results.

Thanks in advance!

--------------------------

Re: spider web scanner 2010-12-20
Archangel Amael (archangel amael gmail com)
Re: spider web scanner 2010-12-20
Dan Crowley (dcrowley coresecurity com)
Re: spider web scanner 2010-12-19
Adrian J Milanoski (amilanoski gmail com)
Making Security Suck Less 2010-12-16
Pete Herzog (lists isecom org)
Hi,

"Now not everything about the old security model is bad. Personally, I
really like the Zen feel of it. It's like raking the fine, white,
beach sand into those concentric lines and around rocks and dead fish
and stuff. It's very Zen. Then as the tide rises, the wind blows, and
Frisbees get b

OSSTMM 3 released! 2010-12-14
Pete Herzog (lists isecom org)
Hi,

The OSSTMM has been released today at www.osstmm.org.

It's a big document so you may want to first check out some of the
reviews and commentary on it. InfoSec Island is having an OSSTMM
week to spread the word:

https://www.infosecisland.com/osstmm.html

Some of the articles available:

Oracle Ultra Search - SQL Injection 2010-12-13
The Dead (th3d34d gmail com)
Hello guys!

I'm doing a pen-test and I found some apps that use Oracle Ultra
Search technology that seems not to filter user input properly.
I got this error when I input for example:

Input: '{--

ORA-29902: error in executing ODCIIndexStart() routine ORA-20000:
Oracle Text error: DRG-50900: text

CEPT 2010-12-10
abigdeale gmail com (1 replies)
No offense, but I was with you until your sentence ended with average salary. If you are doing pentesting because you are chasing money then you are missing the point. It's about 'out-thinking' your opponent and stopping him/them. Geez. It's like years ago when MCSE was a 'hot' cert and we got involved be

Re: CEPT 2010-12-11
Florian Rommel (frommel gmail com)
Network Top 10 2010-12-10
cribbar (crib bar hotmail co uk)

Hi All,

Can I ask, does there exist any equivalent to OWASP's Top 10 Project (which
is targeted at application security), for network infrastructure? Or would
anyone be willing to list your own "Top 10" common vulnerabilities that you
come across on network based audits, as opposed to applicatio

Re: How to become a pentester 2010-12-10
Anupam Kumar (anupam kumargroups org) (1 replies)
Hi Andres,

It is quite simple to become a pentester. You need to ensure that you have a thorough understanding of security. Having certifications like CEH or Security+ is helpful. Remember that a pentester can't be confined to one technology. You virtually need to know everything. However, in the b

Re: How to become a pentester 2010-12-11
Danux (danuxx gmail com)
Copyright 2010, SecurityFocus