Penetration Testing mailing list archives
Whitepaper - Behind Enemy Lines: Administrative Web Application Attacks
From: Rafael Dominguez-Vega <Rafael.Dominguez-Vega () mwrinfosecurity com>
Date: Wed, 30 Jul 2008 11:52:09 +0100
Hello, Web interfaces are now commonly used for administering systems and networks by organisations ranging from small businesses through to those with major enterprise environments. Most products or applications have a web interface to aid administrators with the configuration process. Administrative interfaces can be affected by vulnerabilities in just the same way as publicly facing websites can be, however additional attack vectors exist due to their interaction with different services and protocols. This white paper discusses the use of alternative protocols, such as DHCP and 802.11, to perform web based attacks; the different methods that can be used to exploiting them and details on how tools can be built to both test for the presence of vulnerabilities and to exploit them. http://www.mwrinfosecurity.com/publications/mwri_behind-enemy-lines_2008-07-25.pdf This whitepaper is supplemented by a variety of advisories, tools and demo videos. These can all be discovered at the following location. http://www.mwrinfosecurity.com/content/publications.php Regards, Rafa ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Whitepaper - Behind Enemy Lines: Administrative Web Application Attacks Rafael Dominguez-Vega (Jul 30)