[OWASP-wiki-editors] "Out-of-band Resource Load"

Andrew Smith andrew.smith at owasp.org
Fri Jun 19 19:17:33 UTC 2015


Hmm. Perhaps out-of-band injection attacks?

On Fri, Jun 19, 2015 at 2:59 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Is there a way to tie these all together so they have the same category?
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Jun 19, 2015, at 8:18 AM, Andrew Smith <andrew.smith at owasp.org> wrote:
>
> Yep. Awesome. Just wanted to get some feedback before I start cranking
> away.
>
> Thanks.
>
> On Fri, Jun 19, 2015 at 1:52 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> also SQL injection that launches as a background process out of band...
>>
>> surely... Go for it!
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jun 19, 2015, at 3:29 AM, Andrew Smith <andrew.smith at owasp.org> wrote:
>>
>> List,
>>
>> I am catching up on the recent burp suite release that introduces the
>> concept of "super blind" injection vulnerabilities. They mentions a
>> vulnerability class that they call "Out-of-band Resource Load" that sounds
>> very interesting to me, as it is like RFI/Path traversal, but is more
>> generic allowing for the inclusion of non-standard protocols such as SMB,
>> DNS, etc. What do you guys think about me adding a wiki article on this
>> type of bug?
>>
>> http://blog.portswigger.net/2015/04/introducing-burp-collaborator.html
>>
>> Thanks,
>> Andrew
>>
>> _______________________________________________
>> OWASP-wiki-editors mailing list
>> OWASP-wiki-editors at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-wiki-editors/attachments/20150619/122424db/attachment-0001.html>


More information about the OWASP-wiki-editors mailing list