WebApp Sec mailing list archives

Re: Auditing mailing scripts for web app pentesters


From: Adrian Pastor <adrian.pastor () procheckup com>
Date: Wed, 16 Jul 2008 11:31:15 +0100

Hi Brett,

I came across this paper a while ago but had forgotten about it! Will
definitely keep it in mind for future assessments.

What percentage of ASP.NET/MS SQL environments would you say you find
vulnerable to this attack against "forgotten password" facilities?

Also, have you found other types of environments vulnerable to this
attack as well?

Brett Moore wrote:
| Hi.
|
| While not directly related to your papers topic. I think it would
| be beneficial to raise awareness of the issue illustrated in this
| paper by Gary O'Leary-Steele.
|
| http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf
|
| Surprising how many forgotten password mail out features are vulnerable
| to this.
|
| Brett
|
| -----Original Message-----
| From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adrian Pastor
| Sent: Wednesday, 16 July 2008 2:06 a.m.
| To: webappsec () securityfocus com
| Subject: Auditing mailing scripts for web app pentesters
|
| Hi guys,
|
| We just released a paper aimed at web application pentesters. The paper
| discusses auditing scripts for vulnerabilities that would allow using
| the target organization's mail servers for spamming/phishing purposes.
|
| The content of the paper is derived from real pentest experiences on
| live e-commerce environments. I hope you find it useful and can apply
| its content to your security testing assessments:
|
| http://www.procheckup.com/CRLFi.pdf
| --
| Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd
|
|
| -------------------------------------------------------------------------
| Sponsored by: Watchfire
| Methodologies & Tools for Web Application Security Assessment
| With the rapid rise in the number and types of security threats, web
| application security assessments should be considered a crucial phase in the
| development of any web application. What methodology should be followed?
| What tools can accelerate the assessment process? Download this Whitepaper
| today!
|
| https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
| -------------------------------------------------------------------------

--
Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd
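The bug class the thread is about, a web form whose fields are concatenated into mail headers so that a submitted CR/LF lets the sender append headers (extra Bcc recipients, a forged From) and turn the site's mail-out script into a relay, illustrated below in Python. This is an added example and is not code from either paper or from either poster; that the ProCheckUp paper concerns CRLF injection into mail headers is inferred from its filename. The recipient address, the form fields and the attack payload are constructed for the example.

```python
"""
CRLF injection into mail headers built from form input: the vulnerable
construction a pentester looks for, beside a hardened version.
"""
import re
from urllib.parse import unquote_plus

# Hypothetical hard-coded recipient of a "contact us" / password-reminder script.
TO_ADDRESS = "support@example.test"

# Constructed sample inputs, URL-encoded as they would arrive in a POST body.
LEGIT_FORM = {"email": "alice@example.test", "subject": "Password reminder"}
ATTACK_FORM = {
    # %0d%0a is CRLF: everything after it becomes a new header line,
    # here a Bcc: that adds two recipients the script never intended.
    "email": "alice@example.test%0d%0aBcc:%20v1@example.test,%20v2@example.test",
    "subject": "Password reminder",
}


def build_message_vulnerable(form):
    """Decodes the form fields and concatenates them straight into the header
    block, the pattern behind most vulnerable mail-out scripts."""
    email = unquote_plus(form["email"])
    subject = unquote_plus(form["subject"])
    return (
        f"To: {TO_ADDRESS}\r\n"
        f"From: {email}\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        "Your password reminder has been sent.\r\n"
    )


class HeaderInjection(ValueError):
    """Raised when a value destined for a header contains a line break."""


_LINE_BREAK = re.compile(r"[\r\n]")


def assert_single_line(field, value):
    """Reject CR and LF independently: a bare LF is enough to end a header
    line for many MTAs, so checking only for the CRLF pair is not sufficient."""
    if _LINE_BREAK.search(value):
        raise HeaderInjection(f"{field}: line break in header value")
    return value


def build_message_hardened(form):
    """Same header block, but every user-controlled value is checked first."""
    email = assert_single_line("email", unquote_plus(form["email"]))
    subject = assert_single_line("subject", unquote_plus(form["subject"]))
    return (
        f"To: {TO_ADDRESS}\r\n"
        f"From: {email}\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        "Your password reminder has been sent.\r\n"
    )


def parse_message(raw):
    """Split a raw message into (headers, body) the way an MTA's header
    parser would: header names are case-insensitive, repeats are kept."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def recipients(raw):
    """Every address the MTA would deliver the message to (To, Cc, Bcc)."""
    headers, _ = parse_message(raw)
    out = []
    for name in ("to", "cc", "bcc"):
        for value in headers.get(name, []):
            out.extend(a.strip() for a in value.split(",") if a.strip())
    return out


if __name__ == "__main__":
    print("vulnerable, legit form :", recipients(build_message_vulnerable(LEGIT_FORM)))
    print("vulnerable, attack form:", recipients(build_message_vulnerable(ATTACK_FORM)))
    try:
        build_message_hardened(ATTACK_FORM)
    except HeaderInjection as exc:
        print("hardened, attack form  : rejected ->", exc)
```

When auditing such a script, submit the same field with `%0d%0a`, `%0a` alone and `%0d` alone and compare the resulting message (or the SMTP session, if you can observe it); a script that only strips the CRLF pair still passes the bare-LF variant to the MTA.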


