Yeah, you cannot go out of the webdir; this is a redirect (so, it will be a 302). If you're luck w/ a old version of java, try to different vuln here (response splitting, header inj., etc.)
Forum: SQL and Code Injection

Well, if you wanna play with those low-level findings tools, you could look at the http://samate.nist.gov/SRD test cases... Just be aware that those do not represent real applications, it's too much synthetic. Otherwise, go to CVE, pick a project, not too big, with lots of vulns, and run the tools on it... you can then correlate results from tools (weaknesses) with vulns.
Forum: Projects

Folks, Cigital (www.cigital.com) is looking to hire few pen-testers in NoVa, NYC or west coast. If interested send me a mail. We are looking for motivated people, it's best if you have experience in the field, but the most important is to show interest. Even if the positions are mostly for web pen-testers, you might be doing many different things. In fact, I've done online games (MMORPG, et
Forum: Jobs

go and read about web apps scanners (you can start with this http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria) and source code/byte-code scanners, then you'll be able to ask intelligible questions
Forum: Projects

you should... be proud of being a "Certified Information Systems Security Professional". You should even tatoo the sign "CISSP" somewhere IMO ;)
Forum: News and Links

thought you also promised hookers...
Forum: News and Links

not to the conf. but for beers after, am mostly available :)
Forum: News and Links

how do they block this data? __Setter__ overloaded? server-side check?
Forum: XSS Info

i don't want to see thornmaker dancing almost naked in the street with his CISSP certif folded in fig leaf... O_o
Forum: XSS Info

@thornmaker yeah, add "Thornmaker, CISSP" in your signature :} -- be proud! it's okay you know...
Forum: XSS Info

sirdarckcat Wrote: > > the cheatsheet would still be used by.. well.. > CISSPs, and tra.ckers by us :) I don't wanna spoil anything, but thornmaker is CISSP'd :P
Forum: XSS Info

Well, his main filter isn't bad at all a-zA-Z0-9:%-_ leaves few places for injection, I would remove the : and % and claim you're almost okay as long as you also do that on the headers and that the encoding is checked then, the weak filters are useless...
Forum: XSS Info

expres/**/sion also?
Forum: XSS Info

Not sure to get what you're saying here... But GIFARs are when ppl are able to upload file to your server (basically, a GIF that will be interpreted as a JAR applet later on, when rendered by the browser). Is this your case? If so, why IP restriction? Do I miss something?
Forum: CSRF and Session Info

If you want a benchmark for your crawler: http://code.google.com/p/wivet/ And based on the results, that's why I told you that w3af could be a good open-source choice
Forum: Projects

afaik, this will only work if your script is executed from the file system and not from a remote site -- otherwise, you'll be blocked by the Same Origin Policy. on the local file system, only webkit based (chrome, safari) and opera will allow you to do something like: xhr.open('GET', 'file://C:/win.ini', false); maybe some old versions of firefox & IE too, but not the last ones
Forum: XSS Info

i hope that a "sr. security engineer" must have more than a "basic experience" in "xss and sql injection." you can do better :)
Forum: Jobs

i think i remember that webgoat needs to be installed in C:/webgoatit-5.2 coz some predefined/hardcoded environment paths. otherwise, grep for the path on different files and look if there are hardcoded paths
Forum: Projects

it's quite tough to create a good crawler, many client-side technologies to parse (at least, JS & Flash for the common ones). I understand that you want something very basic, then Reiners' might work well. Anyhow, w3af has a good crawler (for an open-source product), so you might want to take a look at it -- and btw, it's already a web apps scanner framework, so you could use it to develop you
Forum: Projects

redirection service xss: hxxp://ow.ly enter URL like: http://foobar.com_unique/"><script>alert(/pwn/)</script>
Forum: Full Disclosure

hxxp://www.makeet.com/fr/recherche/<script>alert(/pwn/);</script>/index_1.html?filter=recents
Forum: Full Disclosure

What do you mean you "have"? Your websites HTML uses these markups or you can inject in these parts? Not sure to understand your request...
Forum: XSS Info

@Fugitif: very funny, especially since... http://audited.netcraft.com/web-application :)
Forum: Full Disclosure

I believe this is too high level for developers. If your target is security guy that want to learn what to teach about secure dev principles, I think it's okay. For a developer, I would rather use extensive examples (this is how ppl develop nowadays), talk about frameworks, etc. If you say "output encoding" they will say WTF is that? Will they do it right? I'm sure than most of devs won
Forum: Projects

content-type is guessed by IE based on content (if "X-Content-Type-Options: nosniff" is not set), but the download part should prevent from the automatic execution in the domain at least... Might be some scenario where the user have automatic opening / content-disposition not going through / etc. but these are border cases...
Forum: XSS Info

yeah what I think too, but anyway, it's not impossible to do it anyway with the free version...
Forum: XSS Info

Yeah, there is obviously a marketing/business choice behind that too... which I believe is not a good one.
Forum: XSS Info

This explains a bit why: https://twitter.com/RafalLos/status/1575901429
Forum: XSS Info

I was looking at the checks they have... (have to inspect the HP.AppSec.Flash.Analyzer.dll file). It's a real pity they didn't open this part (signed .NET apps/resource), it would have been great to be able extend the checks; even though they seems to be regexp/boolean-expr, it's really possible to do WAY better than what they have right now...
Forum: XSS Info

Yeah, the analysis capabilities are really limited as far as I can tell... but as gareth said, the decompiler is great. I'm pretty sure they're working on the analysis part so we should see something better coming up...
Forum: XSS Info