Re: a "good" vulnerability for educational purposes

[edjenguele christian eric <c_edjenguele () yahoo it>]

Hi,
you can start with XSS or Directory Trasversal, they are easy to exploit, check security focus for those vulnerabilities

 Christian Eric Eddjenguele
IT Security Software Developer & Researcher
--
Management, Developers, Security Professionals – can only result in one thing…… better security.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008



----- Messaggio originale -----
Da: "dimkovtrajce () yahoo com" <dimkovtrajce () yahoo com>
A: pen-test () securityfocus com
Inviato: Lunedì 18 agosto 2008, 15:13:13
Oggetto: a "good" vulnerability for educational purposes

Hi,

Our goal is to teach master students in computer security in pen testing remote servers.

As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is 
recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the 
vulnerability.

I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.

Can you point me to any "good" vulnerability for this purpose?



Regards,
Trajce


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


      Posta, news, sport, oroscopo: tutto in una sola pagina. 
Crea l&#39;home page che piace a te!
www.yahoo.it/latuapagina

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------