WebApp Sec mailing list archives
RE: Auditing mailing scripts for web app pentesters
From: "Brett Moore" <brett.moore () insomniasec com>
Date: Wed, 16 Jul 2008 15:08:29 +1200
Hi.

While not directly related to your paper's topic, I think it would be beneficial to raise awareness of the issue illustrated in this paper by Gary O'Leary-Steele.

http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf

Surprising how many forgotten password mail out features are vulnerable to this.

Brett

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adrian Pastor
Sent: Wednesday, 16 July 2008 2:06 a.m.
To: webappsec () securityfocus com
Subject: Auditing mailing scripts for web app pentesters

Hi guys,

We just released a paper aimed at web application pentesters. The paper discusses auditing scripts for vulnerabilities that would allow using the target organization's mail servers for spamming/phishing purposes.

The content of the paper is derived from real pentest experiences on live e-commerce environments. I hope you find it useful and can apply its content to your security testing assessments:

http://www.procheckup.com/CRLFi.pdf

--
Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd