[Owasp-dotnet] DDD: Attacking Web and Windows Applications
Dinis Cruz
dinis at ddplus.net
Sat Oct 15 07:47:56 EDT 2005
Thanks Alex,
If you can, an AJAX exploit demo would be great (here is the code of the
MySpace worm: http://www.livejournal.com/community/evan_tech/150019.html)
Dinis
Alex Mackey wrote:
> Dinis, this is a classic combination of AJAX and XSS:
> http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
>
> Let me know if you want an AJAX demo and I will sort one for you.
>
> Alex
>
> On 10/14/05, *Dinis Cruz* <dinis at ddplus.net> wrote:
>
> I am going to do this talk at the next UK's DDD
> (DeveloperDeveloperDeveloper) event in the UK
> (http://www.developerday.co.uk/ddd/agendaddd2.asp)
>
> *"...Attacking Web and Windows Applications*
>
> In this session multiple attack vectors will be shown covering a
> wide variety of vulnerabilities and exploits: Sql Injection (basic
> and advanced), XSS (session hijacking and remote command
> execution), Elevation of Privilege, Web Services exploitation,
> AJAX exploitation, Rootkits (user and kernel level), attacking
> fat-clients by hooking into windows functions (and patching
> applications in real time), dynamically manipulating .Net client
> applications, exploiting buffer overflows, exploiting IE
> vulnerabilities, exploiting Full Trust Asp.Net, attacking IIS,
> and, using MetaSploit to automate attacks (and exploit generation)..."
>
> I sort of have all demos apart from the AJAX exploitation and the
> Metasploit stuff.
>
> Anybody interested in giving me a hand with these demos?
>
> Note: I will post as soon as I have some time to clean them up,
> the 'Rooting the CLR' demos that I did at the Washington Owasp
> Conference
>
> Dinis Cruz
> Owasp-dotNet