RE: Spoofing .NET ViewState (Side Question)

["Meidinger Chris" <chris.meidinger () badenIT de>]

Hi Keith, 

Rain Forest Puppy wrote a guideline a while ago to follow when
disclosing vulnerabilities. As far as I know, it is still considered
current and reasonable.

http://www.wiretrip.net/rfp/policy.html

Cheers,

Chris

> ----- Original Message -----
> From: "Keith Hanson" <seraphimrhapsody () gmail com>
> To: <pen-test () securityfocus com>
> Sent: Friday, January 13, 2006 6:36 AM
> Subject: Spoofing .NET ViewState
>
> > Also, as a side question, how would I go about releasing an 
> exploit to
> > BugTraq with Proof-Of-Concept code and explanation of the 
> issue? I've
> > contacted the vendor, and even gave them the issue and 
> code. It's been
> > about 3 months ago, and I got no response after I gave them the
> > information for a whole month. Two weeks after submission, I asked
> > about it, and got no reply until two weeks later, I told 
> them that I'd
> > like to go ahead and publicly disclose the issue since there was no
> > response from the company. I promptly got a response explaining that
> > he thought I had been contacted (Not sure if this is all that true,
> > given the lack of any response at all to my previous 
> inquiries). What
> > do you guys suggest I do given your previous experiences?
> >
> > Thanks,
> > --Keith

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------