[Owasp-dotnet] DDD: Attacking Web and Windows Applications
dinis at ddplus.net
Sat Oct 15 07:47:56 EDT 2005
If you can, an AJAX exploit demo would be great (here is the code of the
My Space worm http://www.livejournal.com/community/evan_tech/150019.html)
Alex Mackey wrote:
> Dinis, this is a classic combination of AJAX and XSS:
> Let me know if you want an AJAX demo and I will sort one for you.
> On 10/14/05, *Dinis Cruz* <dinis at ddplus.net>
> I am going to give this talk at the next DDD
> (DeveloperDeveloperDeveloper) event in the UK (
> *"...Attacking Web and Windows Applications*
> In this session multiple attack vectors will be shown covering a
> wide variety of vulnerabilities and exploits: Sql Injection (basic
> and advanced), XSS (session hijacking and remote command
> execution), Elevation of Privilege, Web Services exploitation,
> AJAX exploitation, Rootkits (user and kernel level), attacking
> fat-clients by hooking into windows functions (and patching
> applications in real time), dynamically manipulating .Net client
> applications, exploiting buffer overflows, exploiting IE
> vulnerabilities, exploiting Full Trust Asp.Net, attacking IIS,
> and, using MetaSploit to automate attacks (and exploit generation)..."
> I sort of have all demos apart from the AJAX exploitation and the
> Metasploit stuff.
> Anybody interested in giving me a hand with these demos?
> Note: I will post as soon as I have some time to clean them up,
> the 'Rooting the CLR' demos that I did at the Washington Owasp
> Dinis Cruz