Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, semicolon character enthusiast!

Skip to content

Home
Advisories
Archives

Monthly Archives: August 2009

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Articles and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Search for:

Social

Follow me on:

Recent Posts

Bug Bounty vs Penetration Testing (Simple Unbiased Comparison) February 20, 2018
Rare ASP.NET request validation bypass using request encoding February 20, 2018
Additional notes on “A Forgotten HTTP Invisibility Cloak” talk! September 1, 2017
Request encoding to bypass web application firewalls August 24, 2017
When a web application SSRF causes the cloud to rain credentials & more August 24, 2017
CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers August 24, 2017
Using Firefox Profiles in Security Testing May 1, 2017
Flash it baby! October 1, 2016
Common Security Issues in Web-Based Payment Systems (& Gambling Apps) June 11, 2015
Interesting XML Processing in Copy/Paste in Word and Outlook March 31, 2015
Non-Root-Relative Path Overwrite (RPO) in IIS and .Net applications February 23, 2015
Analysis of setting cookies for third party websites in different browsers February 22, 2015
IIS Short File Name Disclosure is back! Is your server vulnerable? August 9, 2014
Upload a web.config File for Fun & Profit July 26, 2014
File Upload and PHP on IIS: >=? and <=* and "=. July 23, 2014

Archives

Blog Tags

reddit.com netsec Channel Feed

phpMyAdmin 4.8.x LFI to RCE June 21, 2018
The A-to-Z of Cloud Exposure DLP & Incident Response June 21, 2018
TLbleed: the reason why OpenBSD disabled HyperThreading June 20, 2018
Wavethrough - Bypassing modern browsers security policies with audio files & service workers June 20, 2018
Using the Office 365 Activities API to Investigate Business Email Compromises June 20, 2018

SecurityFocus Feed

Vuln: Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
Vuln: Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
Vuln: Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
Vuln: Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu

Exploit-DB Feed

[webapps] MaDDash 2.0.2 - Directory Listing
[webapps] TP-Link TL-WA850RE - Remote Command Execution
[webapps] NewMark CMS 2.1 - 'sec_id' SQL Injection
[webapps] Apache CouchDB < 2.1.0 - Remote Code Execution
[dos] Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

Proudly powered by WordPress