Re: [Dailydave] Sequences
From: Dinis Cruz (dinis.cruzgooglemail.com)
Date: Thu Sep 14 2006 - 17:37:00 CDT
Dave, what do you mean by:
"...Remote overflow in method parsing (somewhat tricky as product is
Java - by default it looks like a null pointer exception, but then it
illegal instructions somewhere in the heap)..."
Was this a null pointer on the JVM (which should crash it) or in a
java method which returned a java.lang.nullPointerException?
OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
OWASP .Net Project, http://www.owasp.org/index.php/.Net
On 14/09/06, Dave Aitel <daveimmunityinc.com> wrote:
> A good web application assessment tool requires sequences. People get
> so wrapped around pages, but pages are really not what you care about.
> What you care about is the application as an application, not a set of
> pages. It's about methods, which may or may not reside at URLs that
> end in .ASP.
> Anyways, today I was doing some testing against bobsdll.dll, which
> requires a method that looks insane. Something like this:
> All I know is that a good web application tool should be able to find
> the bugs I found today.
> o Remote information retrieval
> o Remote portscan random things (default is restricted to localhost,
> but that can be useful to detect the OS...)
> o Remote overflow in method parsing (somewhat tricky as product is
> Java - by default it looks like a null pointer exception, but then it
> illegal instructions somewhere in the heap)
> -dave
> Dailydave mailing list