Full Disclosure mailing list archives
Re [2]: iiscan results - a closer look
From: Vladimir Vorontsov <vladimir.vorontsov () onsec ru>
Date: Mon, 11 Jan 2010 14:26:01 +0300
Good day all, Give a few keys from me: 37e65b9f6a61bc3f e2dcfc0b249e4a73 de744886da78d1ac 32bd48ed74ef30e5 858c1d2b83b2ec06 On Fri, 8 Jan 2010 16:42:33 -0400, dd () sucuri net wrote:
I played with it a little yesterday and posted my thoughts (as well as a summary of their whole scan) at: http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html It is a nice tool with some good checks looking for SQL, XSS, etc... I just think they didn't look deep enough in my site to check more stuff... --dd On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage () rocketmail com> wrote:If anyone has any more invite codes please send one to me. I tried the ones posted and they were not functional. I also emailed support and never received a response. Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or Acunetix ? How many trials do you get per invite code? Just 1 app? Thanks! ________________________________ From: Jardel Weyrich <jweyrich () gmail com> To: p8x <l () p8x net> Cc: full-disclosure () lists grok org uk Sent: Thu, January 7, 2010 9:33:07 AM Subject: Re: [Full-disclosure] iiscan results It's probably trying to get different results/responses by changing the values of some request headers. The most common scenario, as far as I've seen, and as oddly as it might sound, is the User-Agent and HTTP minor version. A more verbose logging strategy would demystify. Or maybe Vincent?_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- ----------------------------------------------------------------- Best regards! Vladimir Vorontsov, security expert. ONsec: turn on security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: iiscan results - a closer look dd (Jan 10)
- Re: iiscan results - a closer look jack mannino (Jan 10)
- Re [2]: iiscan results - a closer look Vladimir Vorontsov (Jan 11)