Dailydave mailing list archives
Re: Sequences
From: "Dinis Cruz" <dinis.cruz () googlemail com>
Date: Thu, 14 Sep 2006 23:37:00 +0100
Dave, what do you mean by:

"...Remote overflow in method parsing (somewhat tricky as product is Java - by default it looks like a null pointer exception, but then it illegal instructions somewhere in the heap)..."

Was this a null pointer on the JVM (which should crash it) or in a Java method which returned a java.lang.NullPointerException?

Best regards

Dinis Cruz
OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
OWASP .Net Project, http://www.owasp.org/index.php/.Net

On 14/09/06, Dave Aitel <dave () immunityinc com> wrote:
A good web application assessment tool requires sequences. People get so wrapped around pages, but pages are really not what you care about. What you care about is the application as an application, not a set of pages. It's about methods, which may or may not reside at URLs that end in .ASP.

Anyways, today I was doing some testing against bobsdll.dll, which requires a method that looks insane. Something like this:

http://host/bobsdll.dll/?^loadBLOB^passwordSECRET^myscript=bob(cow)

All I know is that a good web application tool should be able to find the bugs I found today.

o Remote information retrieval
o Remote portscan random things (default is restricted to localhost, but that can be useful to detect the OS...)
o Remote overflow in method parsing (somewhat tricky as product is Java - by default it looks like a null pointer exception, but then it illegal instructions somewhere in the heap)

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Sequences Dave Aitel (Sep 14)
- Re: Sequences Dinis Cruz (Sep 14)
- Re: Sequences Dave Korn (Sep 15)
- Re: Sequences Dinis Cruz (Sep 14)