Full Disclosure mailing list archives
Re: Is OWASP vulnerable ??
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 10 Mar 2007 22:44:23 -0600
--On March 10, 2007 11:37:25 PM -0500 Valdis.Kletnieks () vt edu wrote:
You can't be serious. I can "control" a server and "force" it to give me a 404 simply by typing in a page that doesn't exist. You know - like http://www.vt.edu/bogus.htmlYeah, a 404 page controlled by the server might just be too chatty and give away info - but if you can control the input that creates the 404 page, it gets more interesting...
Paul Schmehl (pauls () utdallas edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
- Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- <Possible follow-ups>
- Re: Is OWASP vulnerable ?? Steven M. Christey (Mar 12)