Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: PHP based defacing tool usage continue to rise

Re: PHP based defacing tool usage continue to rise

From: Christopher Kunz <chrislist_at_de-punkt.de>
Date: Mon, 30 Jan 2006 13:36:21 +0100

Hi,

we're seeing stuff like this too - only that it's "Defacing Tool 2.5" here. I
got my fingers on a copy and it's pretty basic yet kinda comfortable. Something
like Plesk for Blackhats.

If someone needs a phone-home free version of the tool for forensics or IDS
purposes, I have a tarball lying around.

In the meantime, setting a mod_security filter for "tool25" worked pretty well
for us, without any false negatives.

Regards,

--ck 

-- 
http://www.de-punkt.de   [ chris@de-punkt.de ]    http://www.stormix.de
PHP-Anwendungen sind gefährdet! SQL-Injection, XSS, Session-Angriffe,
CSRF, Commandshells, Response Splitting,... böhmische Dörfer? Dann gleich
"PHP-Sicherheit" direkt beim Verlag vorbestellen! http://www.php-sicherheit.de/
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
Received on Jan 30 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]