[Owasp-testing] Project Update
Dave van Stein
dvstein at gmail.com
Sat Aug 30 07:41:12 EDT 2008
Today I stumbled upon a presentation of Joe Walker on Web Application
Security. In this presentation he mentioned Cross Protocol Exploitation.
This basically is a way of using CSRF or XSS to send commands to a
non-webserver (in his presentation he uses an example of sending the
commands for constructing a mail to a SMTP server).
For the presentation, Google on "cross protocol exploitation joe walker" or
use this link:
I looked into our index and although this exploit is closely related to code
and command injection I think it deserves it own section. Do you agree or
did I miss something and can it be used as an example in one of the existing
I hate bringing this up so late in the project, but I thought it was worth
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-testing