WebApp Sec mailing list archives
RE: Help Exploiting MQ
From: "Harper.Matthew" <Matthew.Harper () SunTrust com>
Date: Wed, 1 Sep 2004 16:57:28 -0400
Beyond the specific tools, there is a significant weakness in the entire web-serve architecture if not implemented correctly due to the underlying goals of a Service Oriented Architecture (SOA). SOA is something I have been looking into for awhile and the OWASP site has some good general over view articles on it. Matthew. -----Original Message----- From: Koen Vingerhoets [mailto:koen.vingerhoets () ubench be] Sent: Wednesday, September 01, 2004 3:19 AM To: rick () livingstoncadservice com; tommy () providesecurity com Cc: pen-test () securityfocus com; webappsec () securityfocus com; full-disclosure-admin () lists netsys com Subject: RE: Help Exploiting MQ IBM MQ - Series - Workflow - Websphere A whole myriad of IBM tools... I would be interested in exploits too. One of the oddities I encountered up to now is that not-existant pages aren't handled by the Websphere Application Server, but thrown back to the Apache/IIS/IBM HTTP Server. This means that that server has to be locked down properly too... or it could give directory view and such. Koen -----Original Message----- From: rick () livingstoncadservice com [mailto:rick () livingstoncadservice com] Sent: Tuesday, August 31, 2004 9:31 PM To: tommy () providesecurity com Cc: pen-test () securityfocus com; webappsec () securityfocus com; full-disclosure-admin () lists netsys com Subject: RE: Help Exploiting MQ What is MQ? *********************************************************************** This message is intended only for the use of the intended recipient and may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any use, dissemination, disclosure or copying of this communication is strictly prohibited. If you have received this communication in error, please destroy all copies of this message and its attachments and notify us immediately. ***********************************************************************
-------- Original Message -------- Subject: Help Exploiting MQ From: "Tom" <tommy () providesecurity com> Date: Tue, August 31, 2004 6:07 am To: full-disclosure-admin () lists netsys com Cc: pen-test () securityfocus com, webappsec () securityfocus com Does anyone have any tools, techniques on how to exploit weaknesses within
MQ?
Thanks, Tom ---------------------------------------------------------------------- ----
----
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced
Hacking course, learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------- ----
----- ************************************************ The information transmitted is intended solely for the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please contact the sender and delete the material from any computer. ************************************************
Current thread:
- RE: Help Exploiting MQ rick (Aug 31)
- RE: Help Exploiting MQ Aditya (Sep 01)
- RE: Help Exploiting MQ Dimitrov, Constantin (Sep 01)
- RE: Help Exploiting MQ Aditya (Sep 01)
- Re: Help Exploiting MQ Bill Marquette (Sep 02)
- RE: Help Exploiting MQ Dimitrov, Constantin (Sep 01)
- RE: Help Exploiting MQ Aditya (Sep 01)
- RE: Help Exploiting MQ Dimitrov, Constantin (Sep 01)
- RE: Help Exploiting MQ Koen Vingerhoets (Sep 01)
- RE: Help Exploiting MQ Martin G. Nystrom (Sep 01)
- <Possible follow-ups>
- Help Exploiting MQ Tom (Sep 02)
- Re: Help Exploiting MQ Adam Tuliper (Sep 02)
- RE: Help Exploiting MQ Harper.Matthew (Sep 02)
- RE: Help Exploiting MQ Robert . L . Grill (Sep 05)
- Re: Help Exploiting MQ NinjasFlipOutAndKillPeopleAllTheTime (Sep 06)