WebApp Sec mailing list archives
RE: Script Based Attacks & Form Hacks
From: "WebAppSecurity [Technicalinfo.net]" <webappsec () technicalinfo net>
Date: Fri, 22 Jul 2005 10:02:26 +0100
Hi Chad, I think you will find the following paper exhaustive enough to answer your question: http://www.ngssoftware.com/papers/StoppingAutomatedAttackTools.pdf Cheers, Gunter
-----Original Message----- From: Chad Maniccia [mailto:wopazar () gmail com] Sent: 21 July 2005 18:31 To: webappsec () securityfocus com Subject: Script Based Attacks & Form Hacks Hi List, One thing I have not heard any one discuss is the use of automated scripts and form hacking. I could easily write a Java program to attack any ASP,JSP,PHP etc.. simply by viewing the page source to find the parameters the form processor will be looking for. You could use this to fill up some ones database with garbage bring the server to a standstill or worse yet bypass all the fancy javascript you had on the calling page. Some web applications actually use javascript to calcualte currency transactions. What ideas do you guys have to protect yourself from these? Thanks, Chad
Current thread:
- Re: Script Based Attacks & Form Hacks, (continued)
- Re: Script Based Attacks & Form Hacks Sean Utt (Jul 22)
- Re: Script Based Attacks & Form Hacks Vicente Aguilera (Jul 22)
- Re: Script Based Attacks & Form Hacks Andrew van der Stock (Jul 22)
- Re: Script Based Attacks & Form Hacks Stephen de Vries (Jul 22)
- Re: Script Based Attacks & Form Hacks Vicente Aguilera (Jul 22)
- Re: Script Based Attacks & Form Hacks Stephen de Vries (Jul 23)
- Re: Script Based Attacks & Form Hacks Christian Martorella (Jul 23)
- RE: Script Based Attacks & Form Hacks Jose Varghese (Jul 22)