Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, a semicolon enthusiast!

Skip to content

Home
Advisories
Privacy Policy

Monthly Archives: August 2009

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Posts and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Search for:

Social

Follow me on:

Recent Posts

My MDSec Blog Posts so far in 2020! October 31, 2020
File Upload Attack using XAMLX Files September 21, 2019
Uploading web.config for Fun and Profit 2 August 15, 2019
IIS Application vs. Folder Detection During Blackbox Testing July 9, 2019
Danger of Stealing Auto Generated .NET Machine Keys May 10, 2019
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again! May 4, 2019
Exploiting Deserialisation in ASP.NET via ViewState April 23, 2019
Yet Other Examples of Abusing CSRF in Logout April 23, 2019
How to win BIG and even more! April 17, 2019
Finding and Exploiting .NET Remoting over HTTP using Deserialisation March 26, 2019
More research on .NET deserialization December 19, 2018
Feel honoured to be there again after 8 years: Top 10 Web Hacking Techniques of 2017 December 19, 2018
Story of my two (but actually three) RCEs in SharePoint in 2018 December 19, 2018
ASP.NET resource files (.RESX) and deserialization issues August 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online August 12, 2018

Archives

Blog Tags

Web Security Research

CVE-2022-47966 SAML ShowStopper - In this blog, I will talk about the transform part when check XML Signature, decrypt XML. January 28, 2023
Ransacking your password reset tokens January 27, 2023
Exploiting blind file-reads in PHP by combining the dechunk filter with the memory limit January 20, 2023
XML Security in Java January 19, 2023
Exploring the World of ESI Injection January 17, 2023
Vote on the Top 10 Web Hacking Techniques of 2022 January 16, 2023
Cacti: Unauthenticated Remote Code Execution (CVE-2022-46169) January 10, 2023
Fetch Diversion January 6, 2023
Prototype Pollution in Python January 5, 2023
Call for nominations: Top 10 web hacking techniques of 2022 January 4, 2023

reddit.com netsec Channel Feed

Justice Dept. Dismantles a Major Ransomware Operation January 27, 2023
Factorization (DCQF) of a 48-bit integer using 10 trapped-ion qubits January 27, 2023
Kamailio's exec module considered harmful – RTC security January 27, 2023
Pre-Auth RCE on OpenEMR: Using a rogue MySQL server to steal your health data January 27, 2023
Fun with Gentoo: Why don't we just shuffle those ROP gadgets away? January 27, 2023

SecurityFocus Feed

Exploit-DB Feed

[webapps] Open Web Analytics 1.7.3 - Remote Code Execution
[webapps] CVAT 2.0 - Server Side Request Forgery
[remote] MSNSwitch Firmware MNT.2408 - Remote Code Execution
[remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
[local] IOTransfer V4 - Unquoted Service Path

Privacy Policy Proudly powered by WordPress