[OWASP-wiki-editors] "Out-of-band Resource Load"

Jim Manico jim.manico at owasp.org
Fri Jun 19 18:59:57 UTC 2015


Is there a way to tie these all together so they have the same category?

--
Jim Manico
@Manicode
(808) 652-3805

> On Jun 19, 2015, at 8:18 AM, Andrew Smith <andrew.smith at owasp.org> wrote:
> 
> Yep. Awesome. Just wanted to get some feedback before I start cranking away.
> 
> Thanks.
> 
>> On Fri, Jun 19, 2015 at 1:52 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> also SQL injection that launches as a background process out of band...
>> 
>> surely... Go for it!
>> 
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On Jun 19, 2015, at 3:29 AM, Andrew Smith <andrew.smith at owasp.org> wrote:
>>> 
>>> List,
>>> 
>>> I am catching up on the recent burp suite release that introduces the concept of "super blind" injection vulnerabilities. They mentions a vulnerability class that they call "Out-of-band Resource Load" that sounds very interesting to me, as it is like RFI/Path traversal, but is more generic allowing for the inclusion of non-standard protocols such as SMB, DNS, etc. What do you guys think about me adding a wiki article on this type of bug?
>>> 
>>> http://blog.portswigger.net/2015/04/introducing-burp-collaborator.html
>>> 
>>> Thanks,
>>> Andrew
>>> _______________________________________________
>>> OWASP-wiki-editors mailing list
>>> OWASP-wiki-editors at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-wiki-editors/attachments/20150619/06d7f4c0/attachment.html>


More information about the OWASP-wiki-editors mailing list