Penetration Testing mailing list archives

Re: WebScarab .NET SSL Error


From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Sun, 1 Jun 2008 22:21:37 +0300

Hello Danux,

If I understand correctly the problem is the maxLength property of the
text input field.

Two options:
1. use javascript:document.forms['formname'].elements['elementname'].maxLength=1000
from the browser address bar (substitute 'formname' and 'elementname'
with the ones that match yours or with their index numbers and make
sure you are in the right frame)
2. save the page locally, update the form action to include the
absolute URL, http:// and all, do all the changes you want to the web
page fields so as to cater for a large number of characters and submit.

Hope it helps,
ZQ

On Fri, May 30, 2008 at 12:36 PM, Danux <danuxx () gmail com> wrote:
Hi Friends,

I am testing a .NET-SSL enabled web application, and I discovered a
possible SQL injection. Then, because of the lack of space in the input
field of the form, I started trying to use a proxy like WebScarab or
Acunetix, but after submitting the request through these proxies the
application stops responding and I am not able to inject any code.
I think it could be because of .NET certificate trust validation. If so,
do you know how to bypass this issue?

Have you ever been able to test an HTTPS .NET application through a proxy?

Thanks in advance.

--
Danux

-- 
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
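
Both options in the reply above work because maxLength is enforced only by the browser, so the server has to re-check it. The following is an added example, not part of the original thread: it reads the declared limits from a form's markup and flags submissions that exceed them. The form, the request bodies and the function names are constructed for illustration.

```javascript
// Added example: server-side re-check of the limits a form declares via maxlength.
// The form markup and the submitted bodies below are constructed sample data.

// Collect { fieldName: maxlength } from the <input> tags in the served HTML.
function declaredLimits(html) {
  const limits = {};
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const name = /\bname\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
    const max = /\bmaxlength\s*=\s*["']?(\d+)/i.exec(tag);
    if (name && max) limits[name[1]] = Number(max[1]);
  }
  return limits;
}

// Check a urlencoded POST body against those limits. A value longer than the
// declared maxlength cannot come from normal use of the form, so it is both
// rejected and reported as a tampering signal worth logging.
function checkSubmission(body, limits) {
  const violations = [];
  for (const [field, value] of new URLSearchParams(body)) {
    const max = limits[field];
    if (max !== undefined && value.length > max) {
      violations.push({ field, length: value.length, max });
    }
  }
  return { accepted: violations.length === 0, violations };
}

// Constructed form, as the server would send it to the browser.
const sampleForm = `
<form name="login" action="/login" method="post">
  <input type="text" name="user" maxlength="12">
  <input type="password" name="pass" maxlength="20">
  <input type="submit" value="Go">
</form>`;

const limits = declaredLimits(sampleForm);
// Constructed request bodies: one typed into the form, one with an oversized field.
const normal = checkSubmission("user=alice&pass=s3cret", limits);
const oversized = checkSubmission("user=" + "A".repeat(40) + "&pass=x", limits);

console.log(limits);
console.log(normal.accepted, oversized.accepted, oversized.violations);
```

A length check of this kind does not address SQL injection itself; the query still needs to be parameterized on the server.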
