Archive for April, 2007
AVs prove less-effective
Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:
A tool to aid penetration testers and web developers with security testing document management applications.
Recently I made a pre-v2 release of the tool, which has received even more feedback than the previous version and the project just [...]
ASP-Auditor v2.2 Release
A new version of ASP-Auditor has been released, v2.2 (BETA).
Changelog:
# Added additional support for Anti-XSS Validation detection.
# Added ASP Source Directory Leak Check
# Added Apr/07 ASP.NET Validation Bypass Check
This is a BETA version. I would really like to start working on a stable version but require public ASP.NET servers for testing. If anyone has access [...]
Hotlinks and Persistent CSRF
[Hotlinking] is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, direct linking or bandwidth theft – [...]
Web Backdoor Compilation 1b released
I have collected some web backdoors in the past to exploit vulnerable file upload facilities and others. I think a library like this may be useful in a variety of situations.
Version 1.2 is still to be released; I am in contact with a few contributors but have decided to make a series (possibly) of releases as they [...]
Tabular Cheat Sheets
pdp (architect) encouraged me to tabulate the SQL Injection and Input Validation Cheat Sheets. It took me a good hour, but was well worth it. Check it out and let me know if you have any comments.

