Penetration Testing mailing list archives
RE: Spoofing .NET ViewState (Side Question)
From: "Meidinger Chris" <chris.meidinger () badenIT de>
Date: Fri, 13 Jan 2006 17:13:14 +0100
Hi Keith,

Rain Forest Puppy wrote a guideline a while ago to follow when disclosing vulnerabilities. As far as I know, it is still considered current and reasonable.

http://www.wiretrip.net/rfp/policy.html

Cheers,
Chris
----- Original Message -----
From: "Keith Hanson" <seraphimrhapsody () gmail com>
To: <pen-test () securityfocus com>
Sent: Friday, January 13, 2006 6:36 AM
Subject: Spoofing .NET ViewState

Also, as a side question, how would I go about releasing an exploit to BugTraq with Proof-Of-Concept code and explanation of the issue? I've contacted the vendor, and even gave them the issue and code. It's been about 3 months ago, and I got no response after I gave them the information for a whole month. Two weeks after submission, I asked about it, and got no reply until two weeks later, I told them that I'd like to go ahead and publicly disclose the issue since there was no response from the company. I promptly got a response explaining that he thought I had been contacted (Not sure if this is all that true, given the lack of any response at all to my previous inquiries). What do you guys suggest I do given your previous experiences?

Thanks,
--Keith