WebApp Sec: RE: Auditing mailing scripts for web app pentesters

RE: Auditing mailing scripts for web app pentesters

From: Brett Moore <brett.moore_at_insomniasec.com>
Date: Wed, 16 Jul 2008 15:08:29 +1200

Hi.

While not directly related to your paper's topic, I think it would
be beneficial to raise awareness of the issue illustrated in this
paper by Gary O'Leary-Steele.

http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf

Surprising how many forgotten password mail out features are vulnerable
to this.

Brett

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of Adrian Pastor
Sent: Wednesday, 16 July 2008 2:06 a.m.
To: webappsec_at_securityfocus.com
Subject: Auditing mailing scripts for web app pentesters

Hi guys,

We just released a paper aimed at web application pentesters. The paper
discusses auditing scripts for vulnerabilities that would allow using
the target organization's mail servers for spamming/phishing purposes.

The content of the paper is derived from real pentest experiences on
live e-commerce environments. I hope you find it useful and can apply
its content to your security testing assessments:

http://www.procheckup.com/CRLFi.pdf

--
Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd
Received on Jul 16 2008