Penetration Testing mailing list archives
Re: Spoofing .NET ViewState
From: Keith Hanson <seraphimrhapsody () gmail com>
Date: Fri, 13 Jan 2006 08:52:15 -0600
Hi guys, Thanks a ton for all the replies. I found out why it doesn't auto-populate. As proclaimed on this article: http://aspalliance.com/articleViewer.aspx?aId=135&pId = I'll spare you the explanation since most of you probably wouldn't care too too much, haha! Thanks for the help though! As far as this exploit, one of you mentioned that I should give them a reasonable amount of time. I gave them two months since I told the company about it and then said that I would be publicly releasing it very soon. I told them that after a month without any communication from their end at all (although there were a number of attempts from me to contact them)... It has since been a month since I told them that I would be releasing it. I wouldn't mind receiving credit from this, being an aspiring vulnerability researcher/pen-tester. So I guess I'm stuck in an ethical dilemma... Do I withdraw my statement from them and continue to attempt to work with them? or do I release it now, considering it's been three months that they've known about this now, only one month of which I had any contact from them? Thanks! --Keith ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Spoofing .NET ViewState Keith Hanson (Jan 12)
- Re: Spoofing .NET ViewState H D Moore (Jan 13)
- Re: Spoofing .NET ViewState bryan allott (Jan 13)
- RE: Spoofing .NET ViewState Debasis Mohanty (Jan 15)
- Re: Spoofing .NET ViewState Ademar Gonzalez (Jan 15)
- RE: Spoofing .NET ViewState Debasis Mohanty (Jan 15)
- <Possible follow-ups>
- Re: Spoofing .NET ViewState Andrew (Jan 13)
- Re: Spoofing .NET ViewState Keith Hanson (Jan 13)