WebApp Sec mailing list archives
Re: Script Based Attacks & Form Hacks
From: Stephen de Vries <stephen () corsaire com>
Date: Fri, 22 Jul 2005 09:11:08 +0000
Hi Chad,You may find some of these attacks described in the paper "Application Level Denial of Service Attacks" http://www.corsaire.com/ white-papers/040405-application-level-dos-attacks.pdf
cheers, Stephen On 21 Jul 2005, at 17:30, Chad Maniccia wrote:
Hi List, One thing I have not heard any one discuss is the use of automated scripts and form hacking. I could easily write a Java program to attack any ASP,JSP,PHP etc.. simply by viewing the page source to find the parameters the form processor will be looking for. You could use this to fill up some ones database with garbage bring the server to a standstill or worse yet bypass all the fancy javascript you had on the calling page. Some web applications actually use javascript to calcualte currency transactions. What ideas do you guys have to protect yourself from these? Thanks, Chad
Current thread:
- Re: Script Based Attacks & Form Hacks, (continued)
- Re: Script Based Attacks & Form Hacks Paul Kurczaba (Jul 21)
- Re: Script Based Attacks & Form Hacks Sean Utt (Jul 22)
- Re: Script Based Attacks & Form Hacks Vicente Aguilera (Jul 22)
- Re: Script Based Attacks & Form Hacks Andrew van der Stock (Jul 22)
- Re: Script Based Attacks & Form Hacks Stephen de Vries (Jul 22)
- Re: Script Based Attacks & Form Hacks Vicente Aguilera (Jul 22)
- Re: Script Based Attacks & Form Hacks Stephen de Vries (Jul 23)
- Re: Script Based Attacks & Form Hacks Christian Martorella (Jul 23)
- Re: Script Based Attacks & Form Hacks Paul Kurczaba (Jul 21)
- RE: Script Based Attacks & Form Hacks Jose Varghese (Jul 22)