Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 10 Mar 2007 22:44:23 -0600

--On March 10, 2007 11:37:25 PM -0500 Valdis.Kletnieks () vt edu wrote:

Yeah, a 404 page controlled by the server might just be too chatty and
give away info - but if you can control the input that creates the 404
page, it gets more interesting...

You can't be serious. I can "control" a server and "force" it to give me a 404 simply by typing in a page that doesn't exist. You know - like http://www.vt.edu/bogus.html

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]