6 char passwords and protection against brute force
  2010-12-22, John Wilander (john wilander owasp org), 2 replies
  Hi WebAppSec! The Gawker hack and cracking of password hashes got me thinking (http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump). Today several of the premium services on the web such as Amazon and Apple require a minimum of 6 characters in customers' passwords. I'm [...]
    Re: 6 char passwords and protection against brute force
      2010-12-23, Dan Crowley (dcrowley coresecurity com)
    Re: 6 char passwords and protection against brute force
      2010-12-23, Serguei A. Mokhov (mokhov cs concordia ca)

hard-to-sell vulnerabilities
  2010-12-21, Martín (olemoudi gmail com), 3 replies
  Hi, During the course of a pen-test or a simple bug-hunt on a web application one may discover certain vulnerabilities or bad practices on the target that may be common knowledge for us sec professionals but can be tricky to "sell" to a non-technical client (manager). Writing a PoC displaying the p [...]
    Re: hard-to-sell vulnerabilities
      2010-12-22, Brad Causey (bradcausey owasp org), 1 reply
    Re: hard-to-sell vulnerabilities
      2010-12-22, Daniel Lubarov (daniel lubarov com), 1 reply

WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]
  2010-12-21, Leonard den Ottolander (leonard den ottolander nl), 1 reply
  Hello Jerry, On Thu, 2010-12-02 at 15:34 -0800, Jerry Franz wrote: > And in an exact example of this, today I needed to update some WordPress > (WP) installations. Only, for "some reason" the FTP based autoupdater > didn't work today. Do you feel comfortable letting a web application update itse [...]
    Re: [CentOS] WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]
      2010-12-22, Leonard den Ottolander (leonard den ottolander nl)

Stored XSS @ amazon with a book
  2010-12-17, Dirk Wetter (spam drwetter org)
  Hi, there's in some sense a remarkable flaw in Amazon's web shop (tested on .de, co.uk, .com). It's a stored XSS vulnerability which can be exploited with a web application security book. No kidding! It's easily reproducible: 1) Go to Amazon.TLD (for TLD see above, I guess every domain should w [...]

Follow-up on HTTP Parameter Pollution
  2010-12-08, embyte (embyte madlab it)
  Hi guys, I have just blogged about a research we recently did on HTTP Parameter Pollution [1]. We designed and developed a new and unique system to detect HPP flaws in Web Applications in an automated fashion. We then tested more than 5,000 popular web sites (taken from Alexa) and we discovered tha [...]

Webinar on Arachni
  2010-12-01, Tasos Laskos (tasos laskos gmail com)
  Hi guys, My sponsor (NopSec) suggested that we do a webinar on Arachni (https://github.com/Zapotek/arachni) to show people how it works, what it has to offer etc. It'll be on Friday, December 3rd 2010 at 1 PM EST. There's going to be a brief presentation and maybe a live demo of the system. [...]

winAUTOPWN v2.5 Released
  2010-12-01, QUAKER DOOMER (quakerdoomer inbox lv)
  Dear all, This is to announce release of winAUTOPWN version 2.5. This version covers almost all remote exploits up till November 2010. Remote Shell Upload Vulnerability Scan Module Exploits are set to off by default. Use commandline parameter -doRSH to enable them. To perform portscan alone without [...]

Arachni v0.2.1 release (Web Application Security Scanner Framework)
  2010-11-25, Tasos Laskos (tasos laskos gmail com)
  Hi guys, I'm glad to announce the v0.2.1 <http://github.com/Zapotek/arachni/downloads> release of the Arachni <http://github.com/Zapotek/arachni> Web Application Security Scanner Framework. This release brings many improvements, optimisations, new features and components; a list of which you c [...]

[HITB-Announce] HITB2011AMS -- Call For Papers now Open
  2010-11-18, Hafez Kamal (aphesz hackinthebox org)
  The Call for Papers for the second annual HITBSecConf in Europe is now open! Taking place from the 17th - 20th of May at the NH Grand Krasnapolsky in Amsterdam, HITB2011AMS will be a quad-track conference line up featuring keynote speaker Joe Sullivan (Chief Security Officer of Facebook) and a speci [...]

nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November
  2010-11-16, nullcon (nullcon nullcon net)
  nullcon Dwitiya (2.0) The Jugaad(hacking) Conference. nullcon is an initiative by null - The open security community. Website: http://nullcon.net Calling all Jugaadus(hackers) It's the time of the year when we welcome research done by the community as paper submissions for nullcon. So, sip your co [...]

winAUTOPWN v2.4 Released
  2010-10-30, QUAKER DOOMER (quakerdoomer inbox lv)
  Dear all, This is to announce release of winAUTOPWN version 2.4. This version covers almost all remote exploits up till October 2010. Web Application Exploits like Remote File Inclusion Vulnerabilities and Remote Code Execution Vulnerabilities have been now set to off by default. To enable winAUTO [...]

Re: fail2ban
  2010-10-30, Alexandro Silva (alexoslabs gmail com)
  Hi Kai, I recommend the Ossec HIDS[1]. I believe that it can help you in this situation because it'll create iptables DROP and hosts.deny rules for the BAD sources. [1] http://www.ossec.net Regards, -- Alexandro Silva alexos (at) colivre.coop (dot) br [email concealed] Colivre - http://www.colivre.coop.br This list is [...]
[...] have had the PUT method enabled and has demonstrated it by putting a file then deleting it again. I'm trying to set this up in my lab but the only way I can find to enable PUT on Apache2 is to have it pass the data to a PHP script w [...]