Re: [Full-disclosure] FAO Mark Murtagh from Websense
From: Barrie Dempster (barriereboot-robot.net)
Date: Sun Nov 13 2005 - 06:26:44 CST
On Sat, 2005-11-12 at 19:28 -0800, Morning Wood wrote:
> >First you missed the comment where I fixed my typo on the thread,
> >second, I thought someone of your "hacking" experience, you would have
> >been able to translate that message by yourself. In any case, I made
> umm, no I doubt I missed anything except your contentless dribble.
> but I did notice the "error" of the web application... not only is it
> vulnerable to SQL injection, it is also vuln to XSS. Possibly
> you would like to enroll in a Zone-H Hands on Hacking Seminar
> so you too might be able to understand them too, instead of filling this
> list with your paranoid, megalomanic rants.
Initially I thought he was pointing out the SQL injection himself in his
write up somewhere, personally couldn't read the article to the end -
sounded like someone who had never actually worked on a system that had
real security issues (maliciously or legitimately) combined with the
incompetent writing skills it just wasn't worth carrying on. I don't
know what is funnier, the crap he spouts, the fact he didn't notice the
most blatant SQL injection evidence you could get, or that he flamed
your '"hacking" experience' because he thought you didn't know to
take the trailing slash away to get to the content.
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
sites: http://www.bsrf.org.uk - http://www.security-forums.com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/