Full Disclosure mailing list archives
Re: Am I missing anything ?
From: Carl Livitt <carllivitt () yahoo com>
Date: Mon, 23 Jul 2007 10:55:33 -0700
Off the top of my head: cookie manipulation, weak session number predictability, second-order command injection, parameter manipulation such as shell redirects/pipe issues, web services (SOAP, WSDL access etc) and dangerous HTTP methods such as PUT. There'll be more, but I'm still on my first coffee... Good luck! Carl Deeþàn Chakravarthÿ wrote:
Hi All, Just wondered if I am missing anything important. Am planning to give talk on web security. Is there any other technique other than the following I have to speak about ? 1)XSS 2)CSRF 3)SQL Injection 4)AJAX/JSON hijacking 5)HTTP response splitting 6)RFI 7)CRLF 8)MITM Thanks Deepan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Am I missing anything ? Deeþàn Chakravarthÿ (Jul 23)
- Re: Am I missing anything ? Stack Smasher (Jul 23)
- Re: Am I missing anything ? Trancer (Jul 23)
- Re: Am I missing anything ? Valdis . Kletnieks (Jul 23)
- Re: Am I missing anything ? J. Patterson Wicks (Jul 23)
- Re: Am I missing anything ? Carl Livitt (Jul 23)
- Re: Am I missing anything ? Steven Adair (Jul 23)
- Re: Am I missing anything ? bugtraq (Jul 23)
- Re: [WEB SECURITY] Am I missing anything ? kwestin (Jul 23)
- Re: Am I missing anything ? Simon Smith (Jul 23)
- Re: Am I missing anything ? Sebastian Krahmer (Jul 24)
- <Possible follow-ups>
- Re: Am I missing anything ? David Byrne (Jul 23)
- Re: Am I missing anything ? Joey Mengele (Jul 23)
- Re: Am I missing anything ? Simon Smith (Jul 23)
- Re: Am I missing anything ? Joey Mengele (Jul 23)
- Re: Am I missing anything ? Simon Smith (Jul 23)
(Thread continues...)