This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.
32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7bMyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473TomatoCart version 1.1.8.6.1 suffers from a cross site scripting vulnerability.
79fa551178c89cd026702176897012baab890d8c7eba697d2cb60aa11162509cPizza Inn Registration suffers from a persistent cross site scripting vulnerability.
5a1edb79b7fe3d9798b3fa1e02d42acaf8165ce59f390a7d27dbc6a0528d5111OKCupid server error pages suffered from a cross site scripting vulnerability.
55b9edd72c42fe42439c54b83648a6ae9a40cbf862490bd921f0a61780685848Your Online Shop suffers from a reflective cross site scripting vulnerability.
8a1368e00d3bdd6c67cc3a0fb225fcffbf5805b7e49ded4b9610a5024c9e2a91Exponent CMS version 2.3.0 suffers from a POST reflective cross site scripting vulnerability.
8de9029830cf1e4c70982c3606140b89c2335ac9e0895a778b8774e36b32e9e2WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.
b7c554cd3d39594ec433361de09accd00a8298b232665ded7801c40c285494bbOpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities.
b865110065c53e1f31eed37d7378c899a40f17fdecd48dbbcec488cf1491d1beAddressbook versions 8.1.24.1 and 8.2.5 suffer from a cross site scripting vulnerability in Group Name.
20aebf2bfe9b011017e46733e1177c025ebc2f405f02f295a97fb67315a1919dFront Account version 2.3.13 and OpenDocMan version 1.2.6.2 render uploaded HTML in the DOM allowing for malicious javascript insertion that can enable cross site scripting attacks.
39b7dc1d98dc77b0a1fe1263b285315dc66fe88c63545e29291abfda9cf4a8f1Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".
61c4df4f6cd97bb1f07965a78034ff548b67189ecc2115b7f28bbf34efe4e5d2Presentation entitled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" from the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these vulnerabilities via real world cases.
864d22be9ea2fbe90fc389e48dd1b7e860db2d314108cd24933a16b4659c7ec8Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials.
c45af487c7e701523e3170d31c0f127bc7bab3856ae1e9d76f301b7c98ab5dcdThis presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
3ab52b06315c51be5592e0eb263596d926684a34f932ce28649184d7e7e1d185Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
0709918fda79c675a96d4652e41493a81d31f543e718af8b4e99466278e268a4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed