Home page logo

pen-test logo Penetration Testing mailing list archives

Re: WebScarab .NET SSL Error
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Sun, 1 Jun 2008 22:21:37 +0300

Hello Danux,

If I understand correctly the problem is the maxLength property of the
text input field.

Two options:
1. use javascript:document.forms['formname'].elements['elementname'].maxLength=1000
from the browser address bar (substitute 'formname' and 'elementname']
with the ones that match yours or with their index numbers and make
sure you are in the right frame)
2. save the page locally, update the form action to include the
absolute url , http:// and all, do all the changes you want to the web
page fields so as to cater for large number of characters and submit.

Hope it helps,

On Fri, May 30, 2008 at 12:36 PM, Danux <danuxx () gmail com> wrote:
Hi Friends,

I  am testing a .NET-SSL enabled web application, and i discovered a
possible SQL Injection, then because of lack of space in the input
field of the form, i start trying to use a Proxy like WebScarab or
Acunetix, but after submit the request through this proxies the
application stops responding  and i am not able to inject any code.
I think could be because of .NET certificate trust validation, if so?
Do you know how to bypass this issue?

Have you ever been able to test an https .NET application through a Proxy?

Thanks in Advanced.


This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides


ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
In this our land, so said he, those who seek Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]