Andres,
2009/11/23 Andres Riancho :
> Guys,
>
> Does anybody have time to code a new audit plugin that will find
> session fixation vulnerabilities?
I have 2 Saturdays, will this be enough? =)
>
> Basically the plugin needs to:
>
> - Read if there are current cookie parameter names (PHPSESSI
Andres/Matt
2009/11/23 Andres Riancho :
> Matt,
>
> On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro wrote:
>> How about starting an OWASP project on this? OWASP is a nice neutral
>> 3rd party.
>
> I agree, that could be a nice idea.
>
>> OWASP already has a wiki where anyone can add hashes to the
Matt,
On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro wrote:
> How about starting an OWASP project on this? OWASP is a nice neutral
> 3rd party.
I agree, that could be a nice idea.
> OWASP already has a wiki where anyone can add hashes to the list.
+1
> About all the project lead would need to
Achim,
On Mon, Nov 23, 2009 at 6:02 PM, Achim Hoffmann wrote:
> !! - Append the cookie parameter to the URL:
> !! * /the/url/?id=1&PHPSESSID=w3af-session-fixation
> !! * /the/url/?id=1&FOOBAR=w3af-session-fixation
>
> Hi Andres,
>
> Session Fixation can be done in more than just this way.
!! - Append the cookie parameter to the URL:
!! * /the/url/?id=1&PHPSESSID=w3af-session-fixation
!! * /the/url/?id=1&FOOBAR=w3af-session-fixation
Hi Andres,
Session Fixation can be done in more than just this way. For example:
* /the/url;jsessionid=w3af-session-fixation/?id=1
* /th
How about starting an OWASP project on this? OWASP is a nice neutral
3rd party.
OWASP already has a wiki where anyone can add hashes to the list.
About all the project lead would need to do is set a watch on that page
and re-generate archive of the list after any new ones are added
or
you cou
Guys,
Does anybody have time to code a new audit plugin that will find
session fixation vulnerabilities?
Basically the plugin needs to:
- Read if there are current cookie parameter names (PHPSESSID=... ; FOOBAR=...)
- Append the cookie parameter to the URL:
* /the/url/?id=1&PHPSESSID=w3
Vlatko,
On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k wrote:
> more md5's
>
> http://nmap.org/nsedoc/scripts/http-favicon.html
> http://nmap.org/svn/nselib/data/favicon-db
I think that you should somehow centralize the efforts to keep an
updated database. If every piece of software keeps its own dat
more md5's
http://nmap.org/nsedoc/scripts/http-favicon.html
http://nmap.org/svn/nselib/data/favicon-db
On Thu, Oct 22, 2009 at 12:29, Ulises2k wrote:
> I found the same md5sum as the following one in Plex Favicon:
> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>
>