[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Auditing mailing scripts for web app pentesters

From: Adrian Pastor <adrian.pastor@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Auditing mailing scripts for web app pentesters
Date: Wed, 16 Jul 2008 09:26:43 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

We just released a paper aimed at web application pentesters. The paper
discusses auditing scripts for vulnerabilities that would allow using
the target organization's mail servers for spamming/phishing purposes.

The content of the paper is derived from real pentest experiences on
live e-commerce environments. We hope you find it useful and can apply
its content to your security testing assessments:

http://www.procheckup.com/CRLFi.pdf
- --
Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD4DBQFIfbDDUmN3xwbmU6YRAvh/AJ9eXA86JbDiWXdp2QOstcbP+nuI3ACWMbBV
Ho1FaHjoNGHKql/kjJEfyQ==
=mu17
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Prev by Date: [WEB SECURITY] Paper draft: Enough With Default Allow in Web Applications!
Next by Date: [WEB SECURITY] RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
Previous by thread: [WEB SECURITY] Paper draft: Enough With Default Allow in Web Applications!
Next by thread: [WEB SECURITY] slow, deliberate ftp probes
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site