Penetration Testing mailing list archives
Re: WebScarab .NET SSL Error
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Sun, 1 Jun 2008 22:21:37 +0300
Hello Danux, If I understand correctly the problem is the maxLength property of the text input field. Two options: 1. use javascript:document.forms['formname'].elements['elementname'].maxLength=1000 from the browser address bar (substitute 'formname' and 'elementname'] with the ones that match yours or with their index numbers and make sure you are in the right frame) 2. save the page locally, update the form action to include the absolute url , http:// and all, do all the changes you want to the web page fields so as to cater for large number of characters and submit. Hope it helps, ZQ On Fri, May 30, 2008 at 12:36 PM, Danux <danuxx () gmail com> wrote:
Hi Friends, I am testing a .NET-SSL enabled web application, and i discovered a possible SQL Injection, then because of lack of space in the input field of the form, i start trying to use a Proxy like WebScarab or Acunetix, but after submit the request through this proxies the application stops responding and i am not able to inject any code. I think could be because of .NET certificate trust validation, if so? Do you know how to bypass this issue? Have you ever been able to test an https .NET application through a Proxy? Thanks in Advanced. -- Danux ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
-- --------------------------------------------------------------------- Κρέων ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον. Οιδίπους Τύρρανος [110] --------------------------------------------------------------------- Creon In this our land, so said he, those who seek Shall find; unsought, we lose it utterly. Oedipus Rex [110] ---------------------------------------------------------------------
Current thread:
- Re: WebScarab .NET SSL Error Zed Qyves (Jun 02)
- <Possible follow-ups>
- RE: WebScarab .NET SSL Error Maxime Ducharme (Jun 03)
- Re: WebScarab .NET SSL Error Danux (Jun 04)
- Re: WebScarab .NET SSL Error kevin horvath (Jun 04)
- Message not available
- Message not available
- Re: WebScarab .NET SSL Error Danux (Jun 10)
- Re: WebScarab .NET SSL Error Danux (Jun 04)