Re: [Dailydave] Sequences
From: Dinis Cruz (dinis.cruz googlemail.com)
Date: Thu Sep 14 2006 - 17:37:00 CDT
Dave, what do you mean by:
"...Remote overflow in method parsing (somewhat tricky as product is
Java - by default it looks like a null pointer exception, but then it
illegal instructions somewhere in the heap)..."
Was this a null pointer on the JVM (which should crash it) or in a
Java method which returned a java.lang.NullPointerException?
Best regards
Dinis Cruz
OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
OWASP .Net Project, http://www.owasp.org/index.php/.Net
On 14/09/06, Dave Aitel <dave immunityinc.com> wrote:
> A good web application assessment tool requires sequences. People get
> so wrapped around pages, but pages are really not what you care about.
> What you care about is the application as an application, not a set of
> pages. It's about methods, which may or may not reside at URLs that
> end in .ASP.
>
> Anyways, today I was doing some testing against bobsdll.dll, which
> requires a method that looks insane. Something like this:
> http://host/bobsdll.dll/?^loadBLOB^passwordSECRET^myscript=bob(cow)
>
> All I know is that a good web application tool should be able to find
> the bugs I found today.
> o Remote information retrieval
> o Remote portscan random things (default is restricted to localhost,
> but that can be useful to detect the OS...)
> o Remote overflow in method parsing (somewhat tricky as product is
> Java - by default it looks like a null pointer exception, but then it
> illegal instructions somewhere in the heap)
>
> -dave
> _______________________________________________
> Dailydave mailing list
> Dailydave lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave