Web Application Security Mode:
(Page 11 of 330)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
HTTP PARAMETER CONTAMINATION (HPC) 2011-07-05
Ivan Markovic (ivanm security-net biz)
Hello everyone, we have a new research paper:

HTTP PARAMETER CONTAMINATION (HPC) original idea comes from the innovative
approach found in HPP research by exploring deeper and exploiting strange
behaviors in Web Server components, Web Applications and Browsers as a
result of query string parameter c

Re: securing a deliberately vulnerable web app 2011-07-05
Robin Wood (robin digininja org)
On 5 July 2011 22:32, Charlie Belmer <charlie.belmer (at) gmail (dot) com [email concealed]> wrote:
> Hi Robin,
>
> A couple of suggestions:
>
> Definitely VM it and roll it back frequently. You might want a list of
> warnings to watch for, like someone trying to install root kits or run
> certain shell commands, at which point

Re: securing a deliberately vulnerable web app 2011-07-05
Robin Wood (robin digininja org)
On 5 July 2011 16:56, arvind doraiswamy <arvind.doraiswamy (at) gmail (dot) com [email concealed]> wrote:
>
>
> On Mon, Jul 4, 2011 at 4:21 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
>>
>> This is a question for anyone who runs a deliberately vulnerable web
>> app on a public facing site to allow people to test hacking it or t

Re: securing a deliberately vulnerable web app 2011-07-05
arvind doraiswamy (arvind doraiswamy gmail com)
> This is a question for anyone who runs a deliberately vulnerable web
> app on a public facing site to allow people to test hacking it or to
> test vulnerability scanners against it. I'm thinking of things like
> http://test.acunetix.com/ .

I'm not sure a lot of those (not necessarily the one you

securing a deliberately vulnerable web app 2011-07-03
Robin Wood (robin digininja org) (2 replies)
This is a question for anyone who runs a deliberately vulnerable web
app on a public facing site to allow people to test hacking it or to
test vulnerability scanners against it. I'm thinking of things like
http://test.acunetix.com/ .

What I'd like to know is how you go about securing the box the si

Re: securing a deliberately vulnerable web app 2011-07-06
Vedantam Sekhar (vedantamsekhar gmail com) (1 replies)
Re: securing a deliberately vulnerable web app 2011-07-06
Robin Wood (robin digininja org)
Re: securing a deliberately vulnerable web app 2011-07-05
Jeremiah Cornelius (jeremiah nur net)
Re: SQLi with backslash 2011-06-26
Robin Wood (robin digininja org) (1 replies)
On 26 June 2011 06:02, Voulnet <voulnet (at) gmail (dot) com [email concealed]> wrote:
> Yeah, I understood from you that the web app removes only the single
> and double quotes.
>
> So what kind of query would be executed on MySQL? is it:
> 1- insert into log values ('a','b');
> or
> 2- insert into log values (a,b); <-- I doub

Re: SQLi with backslash 2011-06-26
Voulnet (voulnet gmail com)
Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org)
On 25 June 2011 17:51, Voulnet <voulnet (at) gmail (dot) com [email concealed]> wrote:
> Okay then, have you tried an alternate encoding? MySQL can act funny
> when asian characters are used. For reference you can see this:
>
> http://stackoverflow.com/questions/1220182/does-mysql-real-escape-string-fully-protect-against-sql-in

Re: SQLi with backslash 2011-06-25
Voulnet (voulnet gmail com) (1 replies)
Have you tried a backslash to let MySQL auto escape a single quote for you?
Example:

insert into log values('a\', ' );drop table log --');

If I am correct, the first parameter would be 'a\', ' <-- this would
be because with the backslash, MySQL would escape the next single
quote, and consider the

Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org) (1 replies)
Re: SQLi with backslash 2011-06-26
Voulnet (voulnet gmail com)
Re: SQLi with backslash 2011-06-24
Robin Wood (robin digininja org)
On 24 June 2011 15:29, JD <jdruin (at) gmail (dot) com [email concealed]> wrote:
> You could still try to insert an XSS and see if some other person is served
> that XSS. Surely someone (maybe an admin or power user) can see those logs.
> Also, whenever you can perform SQLi but you cannot actually see any visible
> output, blin

Re: SQLi with backslash 2011-06-24
Robin Wood (robin digininja org)
On 24 June 2011 04:19, Henry Troup <htroup (at) acm (dot) org [email concealed]> wrote:
> You'd need to get an effective single quote in there. The MySql docs don't indicate any alternatives, but I might play around with \ 0 \ - introducing a null. Or you can see if some other layer might be kind enough to interpret some numeri

SQLi with backslash 2011-06-22
Robin Wood (robin digininja org) (1 replies)
Hi
I've got a scenario where both single and double quotes are being
stripped but no other escaping appears to be being performed. The
database is MySQL with php on top.

The query that I've found SQL injection on is in the form

insert into log values ('a', 'b');

where I can inject in to the secon

Re: SQLi with backslash 2011-06-24
Voulnet (voulnet gmail com) (1 replies)
Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org) (1 replies)
Re: SQLi with backslash 2011-06-25
Voulnet (voulnet gmail com) (1 replies)
RE: SQLi with backslash 2011-06-27
Onken, Skyler (onk08001 byui edu)
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Chris Weber (chris casabasecurity com)
Ryan - Am I correct that the two methods you use for identifying the WP
version are:

a) Parse the readme.html file for the version number
b) Parse the meta tag generator content for the WP version number

In the case where both of these failed, what do you do? Does Seth's plan of
comparing hashes

RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Chris Weber (chris casabasecurity com)
dd, have you open sourced any parts of your production code, such as the
fingerprinting data? Or do we each need to do that work independently?

And have you detected any edge cases - for example a Web server that
includes an extra newline character in the body?

-Chris

-----Original Message-----

Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Ryan Dewhurst (ryandewhurst gmail com)
The client side file hashing is something I became aware of after
writing the w3af wordpress version discovery plugin a few years back.
The w3af plugin just does string matching though, if string in file,
version is x. But the idea was put forward then by someone or multiple
people (can't remember)

Introducing WPScan - WordPress Security Scanner 2011-06-16
Ryan Dewhurst (ryandewhurst gmail com) (2 replies)
After creating the WordPress Brute Force Tool last weekend, I decided
to create a bigger project out of it, called WPScan.

WPScan is a black box WordPress Security Scanner written in Ruby which
attempts to find known security weaknesses within WordPress
installations. Its intended use is to be for

Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Veronica (vero valeros gmail com) (1 replies)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Ryan Dewhurst (ryandewhurst gmail com)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
seth (xd seth gmail com) (1 replies)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Ryan Dewhurst (ryandewhurst gmail com)
Copyright 2010, SecurityFocus