From: Harper.Matthew (Matthew.HarperSunTrust.com)
Date: Wed Sep 01 2004 - 15:57:28 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Beyond the specific tools, there is a significant weakness in the entire
web-serve architecture if not implemented correctly due to the
underlying goals of a Service Oriented Architecture (SOA). SOA is
something I have been looking into for awhile and the OWASP site has
some good general over view articles on it.

Matthew.
-----Original Message-----
From: Koen Vingerhoets [mailto:koen.vingerhoetsubench.be]
Sent: Wednesday, September 01, 2004 3:19 AM
To: ricklivingstoncadservice.com; tommyprovidesecurity.com
Cc: pen-testsecurityfocus.com; webappsecsecurityfocus.com;
full-disclosure-adminlists.netsys.com
Subject: RE: Help Exploiting MQ

IBM MQ
- Series
- Workflow
- Websphere

A whole myriad of IBM tools... I would be interested in exploits too.
One of the oddities I encountered up to now is that not-existant pages
aren't handled by the Websphere Application Server, but thrown back to
the Apache/IIS/IBM HTTP Server. This means that that server has to be
locked down properly too... or it could give directory view and such.

Koen

-----Original Message-----
From: ricklivingstoncadservice.com
[mailto:ricklivingstoncadservice.com]
Sent: Tuesday, August 31, 2004 9:31 PM
To: tommyprovidesecurity.com
Cc: pen-testsecurityfocus.com; webappsecsecurityfocus.com;
full-disclosure-adminlists.netsys.com
Subject: RE: Help Exploiting MQ

What is MQ?

***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited. If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************

> -------- Original Message --------
> Subject: Help Exploiting MQ
> From: "Tom" <tommyprovidesecurity.com>
> Date: Tue, August 31, 2004 6:07 am
> To: full-disclosure-adminlists.netsys.com
> Cc: pen-testsecurityfocus.com, webappsecsecurityfocus.com
>
> Does anyone have any tools, techniques on how to exploit weaknesses
> within
MQ?
>
> Thanks,
>
> Tom
>
>
>
>
> ----------------------------------------------------------------------
> ----
----
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one
> interaction with one of our expert instructors. Check out our Advanced

> Hacking course, learn to write exploits and attack security
> infrastructure. Attend a
course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of
> an Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------
> ----
-----
************************************************
The information transmitted is intended solely
for the individual or entity to which it is
addressed and may contain confidential and/or
privileged material. Any review, retransmission,
dissemination or other use of or taking action
in reliance upon this information by persons or
entities other than the intended recipient is
prohibited. If you have received this email in
error please contact the sender and delete the
material from any computer.
************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]