WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Script Based Attacks & Form Hacks

From: leighm () linuxbandwagon com
Date: Fri, 22 Jul 2005 11:13:22 +1000
And exactly how many sites have you tried this with?

leigh


Quoting Chad Maniccia <wopazar () gmail com>:


Hi List,

One thing I have not heard any one discuss is the use of automated
scripts and form hacking. I could easily write a Java program to
attack any ASP,JSP,PHP etc.. simply by viewing the page source to find
the parameters the form processor will be looking for. You could use
this to fill up some ones database with garbage bring the server to a
standstill or worse yet bypass all the fancy javascript you had on the
calling page. Some web applications actually use javascript to
calcualte currency transactions.

What ideas do you guys have to protect yourself from these?


Thanks,
Chad






--
What happened to Java version 2, 3 & 4? Why is Java 1.41 called Java2? What
version is JRE 5? what happened to them? Where did they go? Why do i download
Java1.x when im looking for Java2.0 ?

And those java fellas reckon the PHP fellas are disorganised!

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Attachment: _bin
Description: PGP Public Key

Previous By Date Next
Previous By Thread Next

Current thread: