Web Application Security
(Page 12 of 331)
Re: securing a deliberately vulnerable web app 2011-07-05
arvind doraiswamy (arvind doraiswamy gmail com)
> This is a question for anyone who runs a deliberately vulnerable web
> app on a public facing site to allow people to test hacking it or to
> test vulnerability scanners against it. I'm thinking of things like
> http://test.acunetix.com/ .

I'm not sure a lot of those (not necessarily the one you

securing a deliberately vulnerable web app 2011-07-03
Robin Wood (robin digininja org) (1 replies)
This is a question for anyone who runs a deliberately vulnerable web
app on a public facing site to allow people to test hacking it or to
test vulnerability scanners against it. I'm thinking of things like
http://test.acunetix.com/ .

What I'd like to know is how you go about securing the box the si

Re: securing a deliberately vulnerable web app 2011-07-05
Jeremiah Cornelius (jeremiah nur net)
Re: SQLi with backslash 2011-06-26
Robin Wood (robin digininja org) (1 replies)
On 26 June 2011 06:02, Voulnet <voulnet (at) gmail (dot) com> wrote:
> Yeah, I understood from you that the web app removes only the single
> and double quotes.
>
> So what kind of query would be executed on MySQL? is it:
> 1- insert into log values ('a','b');
> or
> 2- insert into log values (a,b); <-- I doub

Re: SQLi with backslash 2011-06-26
Voulnet (voulnet gmail com)
Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org)
On 25 June 2011 17:51, Voulnet <voulnet (at) gmail (dot) com> wrote:
> Okay then, have you tried an alternate encoding? MySQL can act funny
> when asian characters are used. For reference you can see this:
>
> http://stackoverflow.com/questions/1220182/does-mysql-real-escape-string-fully-protect-against-sql-in

Re: SQLi with backslash 2011-06-25
Voulnet (voulnet gmail com) (1 replies)
Have you tried a backslash to let MySQL auto escape a single quote for you?
Example:

insert into log values('a\', ' );drop table log --');

If I am correct, the first parameter would be 'a\', ' <-- this would
be because with the backslash, MySQL would escape the next single
quote, and consider the

Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org) (1 replies)
Re: SQLi with backslash 2011-06-26
Voulnet (voulnet gmail com)
Re: SQLi with backslash 2011-06-24
Robin Wood (robin digininja org)
On 24 June 2011 15:29, JD <jdruin (at) gmail (dot) com> wrote:
> You could still try to insert a XSS and see if some other person is served
> that XSS. Surely someone (maybe an admin or power user) can see those logs.
> Also, whenever you can perform SQLi but you cannot actually see any visible
> output, blin

Re: SQLi with backslash 2011-06-24
Robin Wood (robin digininja org)
On 24 June 2011 04:19, Henry Troup <htroup (at) acm (dot) org> wrote:
> You'd need to get an effective single quote in there. The MySql docs don't indicate any alternatives, but I might play around with \ 0 \ - introducing a null. Or you can see if some other layer might be kind enough to interpret some numeri

SQLi with backslash 2011-06-22
Robin Wood (robin digininja org) (1 replies)
Hi
I've got a scenario where both single and double quotes are being
stripped but no other escaping appears to be being performed. The
database is MySQL with php on top.

The query that I've found SQL injection on is in the form

insert into log values ('a', 'b');

where I can inject in to the secon

Re: SQLi with backslash 2011-06-24
Voulnet (voulnet gmail com) (1 replies)
Re: SQLi with backslash 2011-06-25
Robin Wood (robin digininja org) (1 replies)
Re: SQLi with backslash 2011-06-25
Voulnet (voulnet gmail com) (1 replies)
RE: SQLi with backslash 2011-06-27
Onken, Skyler (onk08001 byui edu)
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Chris Weber (chris casabasecurity com)
Ryan - Am I correct that the two methods you use for identifying the WP
version are:

a) Parse the readme.html file for the version number
b) Parse the meta tag generator content for the WP version number

In the case where both of these failed, what do you do? Does Seth's plan of
comparing hashes

RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Chris Weber (chris casabasecurity com)
dd, have you open sourced any parts of your production code, such as the
fingerprinting data? Or do we each need to do that work independently?

And have you detected any edge cases - for example a Web server that
includes an extra newline character in the body?

-Chris

-----Original Message-----

Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner 2011-06-20
Ryan Dewhurst (ryandewhurst gmail com)
The client side file hashing is something I became aware of after
writing the w3af wordpress version discovery plugin a few years back.
The w3af plugin just does string matching though, if string in file,
version is x. But the idea was put forward then by someone or multiple
people (can't remember)

Introducing WPScan - WordPress Security Scanner 2011-06-16
Ryan Dewhurst (ryandewhurst gmail com) (2 replies)
After creating the WordPress Brute Force Tool last weekend, I decided
to create a bigger project out of it, called WPScan.

WPScan is a black box WordPress Security Scanner written in Ruby which
attempts to find known security weaknesses within WordPress
installations. Its intended use is to be for

Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Veronica (vero valeros gmail com) (1 replies)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Ryan Dewhurst (ryandewhurst gmail com)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
seth (xd seth gmail com) (1 replies)
Re: Introducing WPScan - WordPress Security Scanner 2011-06-19
Ryan Dewhurst (ryandewhurst gmail com)
Re: pentest tool for dos 2011-06-14
ShiYih Lye (shiyih lye my offgamers com) (2 replies)
hi guys,

Appreciated a lot with the feedback. I have tested HOIC and LOIC, they
are both windows, so might not be that suitable for my pentest
environment, as I'm using a datacenter linux server as the attacker to
dos my webserver.

We are still testing Slowloris and RUDY. Siege so far able to trigge

Re: pentest tool for dos 2011-06-14
Jeremiah Cornelius (jeremiah nur net) (1 replies)
Re: pentest tool for dos 2011-06-14
anthony cicalla gmail com (1 replies)
Re: pentest tool for dos 2011-06-15
hkm (hkm hakim ws)
Re: pentest tool for dos 2011-06-14
Rafael Correia (rafaelnominato gmail com)
Copyright 2010, SecurityFocus