Penetration Testing: Re: Web App Pen Test Results

Re: Web App Pen Test Results

From: Scott Hazel <opiesan_at_gmail.com>
Date: Mon, 6 Nov 2006 09:40:47 -0500

Hey tsax.

It's ironically humorous that you're posting about output from SPI's
product on a list sponsored by Cenzic. ;-) We've been reviewing the
WebInspect product as well and alongside the description (or down
below it) they normally provide mitigation suggestions. You should be
able to determine where the fix goes by what information they provide
there. Unless this is an Apache-specific issue I would expect the
problem to be more code related, but that's just my speculation. I'm
not a pen-tester by trade. If nothing else you should also be able to
get SPI's tech support to assist. Everyone I've spoken to there seems
pretty sharp. HTH.

On 3 Nov 2006 15:29:05 -0000, tsax68_at_hotmail.com <tsax68_at_hotmail.com> wrote:
> We recently had our web app scanned with WebInspect and given the results. Thankfully, the findings aren't too severe :0, but I do have a question. One of the findings is labeled:
>
> 302 Error Message Cross-Site Scripting
>
> Summary: The handling of certain HTTP requests that produce "302 object moved" responses allows attackers to launch cross-site scripting attacks. When the server receives an HTTP request for a directory without a trailing slash, it returns a 302 object moved error message, redirecting the client to the requested directory, with a forward slash. Also included in the body of the HTTP response are any GET parameters that were included in the original request. These parameters are not properly sanitized for malicious content before being returned to the client.
>
> My question is, Is this being reported as an Apache issue or is this a web app issue? I'm trying to figure out how to fix, but I'm not sure which direction to go web server or app.........
>
> Thanks!!
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

Received on Nov 06 2006
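
The behaviour in the quoted WebInspect summary, next to an encoded form and a retest check, as an added example that is not part of the original thread or of any product named in it. The body template, function names, the `/reports` path and the probe marker are constructed for illustration; the encoding belongs in whichever component writes the 302 body.

```python
"""Constructed example: the 302 body for a directory request without a trailing slash."""
from html import escape
from urllib.parse import quote, urlsplit

# Hypothetical "object moved" page; real servers and frameworks use their own template.
BODY = ('<html><body><h1>Object Moved</h1>'
        'This document may be found <a href="{0}">here</a></body></html>')


def redirect_target(request_uri: str) -> str:
    """Add the trailing slash to the path and carry the query string over."""
    parts = urlsplit(request_uri)
    target = parts.path + "/"
    if parts.query:
        target += "?" + parts.query
    return target


def moved_response_unsafe(request_uri: str):
    """Behaviour the finding describes: GET parameters copied into the body as-is."""
    target = redirect_target(request_uri)
    return 302, {"Location": target}, BODY.format(target)


def moved_response_safe(request_uri: str):
    """Percent-encode the Location value, then HTML-escape the copy placed in the body."""
    target = redirect_target(request_uri)
    # '%' stays in the safe set so already-encoded input is not double-encoded.
    location = quote(target, safe="/?&=%:@+,;~-._")
    headers = {"Location": location, "Content-Type": "text/html; charset=utf-8"}
    return 302, headers, BODY.format(escape(location, quote=True))


def reflects_markup(body: str, marker: str) -> bool:
    """Retest check: does the marker come back in the body without encoding?"""
    return marker in body


# Constructed probe: harmless markup that must never appear verbatim in the body.
MARKER = '"><i>probe</i>'
REQUEST = "/reports?view=" + MARKER

if __name__ == "__main__":
    for build in (moved_response_unsafe, moved_response_safe):
        status, headers, body = build(REQUEST)
        print(build.__name__, status, "reflected:", reflects_markup(body, MARKER))
```

Running the same check against the real application after a fix shows whether the marker still comes back unencoded in the redirect body.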
