[Owasp-o2-platform] ASP.NET POET Vulnerability

Wagner Elias welias at conviso.com.br
Mon Sep 20 10:20:29 EDT 2010


Hi Guys!

I was in Ekoparty and attended the talk!

Follow any links and approachs:

http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

Regards.
--------------------------------------------------------------------------------
Wagner Elias, CBCP, SANS GIAC, CobiTc, ITILc
Research & Development Manager
Blog: http://wagnerelias.com
Twitter: http://www.twitter.com/welias
Conviso IT Security - http://www.conviso.com.br



On Mon, Sep 20, 2010 at 11:14 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Hi, are you guys following the ASP.NET POET Vulnerability?
>
> There seems to be quite a lot of information out there, but I have not seen
> a consolidated and objective analysis of the problem, its scope and
> effective remeditations.
>
> This could be a good oportunity for the OWASP-Dotnet project to add value
> to the .NET world by creating a consolidated and un-bias information page(s)
> about this issue.
>
> Namely I'm thinking of a page in our www.owasp.org wiki.
>
> I've started the process by creating a WIKI page with the info I could
> find: http://www.owasp.org/index.php/ASP.NET POET Vulnerability
>
> I would like this page to look like one of the really good Wikipedia
> articles (with good/objective description of the problem, good technical
> desciption of the problem and tons of references)
>
> Btw, anybody has gotten a working PoC for the ASP.NET POET Vulnerability?
> I want to create an O2 module/script that detects (and exploits) this issue
>
> Dinis Cruz
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
>
> _______________________________________________
> Owasp-o2-platform mailing list
> Owasp-o2-platform at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20100920/781c2f99/attachment.html 


More information about the Owasp-o2-platform mailing list