Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, semicolon character enthusiast!

Skip to content

Home
Advisories
Privacy Policy

Monthly Archives: August 2009

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Posts and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Search for:

Social

Follow me on:

Recent Posts

File Upload Attack using XAMLX Files September 21, 2019
Uploading web.config for Fun and Profit 2 August 15, 2019
IIS Application vs. Folder Detection During Blackbox Testing July 9, 2019
Danger of Stealing Auto Generated .NET Machine Keys May 10, 2019
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again! May 4, 2019
Exploiting Deserialisation in ASP.NET via ViewState April 23, 2019
Yet Other Examples of Abusing CSRF in Logout April 23, 2019
How to win BIG and even more! April 17, 2019
Finding and Exploiting .NET Remoting over HTTP using Deserialisation March 26, 2019
More research on .NET deserialization December 19, 2018
Feel honoured to be there again after 8 years: Top 10 Web Hacking Techniques of 2017 December 19, 2018
Story of my two (but actually three) RCEs in SharePoint in 2018 December 19, 2018
ASP.NET resource files (.RESX) and deserialization issues August 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online August 12, 2018
WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour August 12, 2018

Archives

Blog Tags

reddit.com netsec Channel Feed

Insecure use of unique identifiers leads to exposure of students/children photos July 8, 2020
Microsoft launches free Memory Forensics and Rootkit Detection service for Linux systems July 7, 2020
Urlgrab - A Golang Utility for Scraping Links from A Website July 7, 2020
Reversing DexGuard, Part 2 – Assets and Code Encryption July 7, 2020
Payload Delivery for DevOps : Building a Cross-Platform Dropper Using the Genesis Framework, Metasploit and Docker July 7, 2020

SecurityFocus Feed

Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability
Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability
Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities
Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Exploit-DB Feed

[webapps] Sickbeard 0.1 - Remote Command Injection
[webapps] Online Shopping Portal 3.1 - 'email' SQL Injection
[webapps] BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
[webapps] Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
[remote] Microsoft Windows mshta.exe 2019 - XML External Entity Injection

Privacy Policy Proudly powered by WordPress