Penetration Testing mailing list archives

a "good" vulnerability for educational purposes

From: dimkovtrajce () yahoo com
Date: 18 Aug 2008 13:13:13 -0000

Hi,

Our goal is to teach master students in computer security in pen testing remote servers.

As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is 
recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the 
vulnerability.

I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.

Can you point me to any "good" vulnerability for this purpose?


 
Regards,
Trajce


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

a "good" vulnerability for educational purposes dimkovtrajce (Aug 18)
- Re: a "good" vulnerability for educational purposes Andre Amorim (Aug 18)
  - Re: a "good" vulnerability for educational purposes Kelly Keeton (Aug 18)
    - Re: a "good" vulnerability for educational purposes Jorge L. Vazquez (Aug 19)
    - Re: a "good" vulnerability for educational purposes eldraco (Aug 25)
- <Possible follow-ups>
- Re: a "good" vulnerability for educational purposes edjenguele christian eric (Aug 18)
- Re: Re: a "good" vulnerability for educational purposes eladexposed (Aug 19)