Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, semicolon character enthusiast!

Skip to content

Home
Advisories
Archives
Privacy Policy

Monthly Archives: August 2009

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Articles and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Search for:

Social

Follow me on:

Recent Posts

How to win BIG and even more! April 17, 2019
Finding and Exploiting .NET Remoting over HTTP using Deserialisation March 26, 2019
More research on .NET deserialization December 19, 2018
Feel honoured to be there again after 8 years: Top 10 Web Hacking Techniques of 2017 December 19, 2018
Story of my two (but actually three) RCEs in SharePoint in 2018 December 19, 2018
ASP.NET resource files (.RESX) and deserialization issues August 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online August 12, 2018
WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour August 12, 2018
SMB hash hijacking & user tracking in MS Outlook August 12, 2018
Bug Bounty vs Penetration Testing (Simple Unbiased Comparison) February 20, 2018
Rare ASP.NET request validation bypass using request encoding February 20, 2018
Additional notes on “A Forgotten HTTP Invisibility Cloak” talk! September 1, 2017
Request encoding to bypass web application firewalls August 24, 2017
When a web application SSRF causes the cloud to rain credentials & more August 24, 2017
CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers August 24, 2017

Archives

Blog Tags

reddit.com netsec Channel Feed

Shellcode for IoT: A Password-Protected Reverse Shell (Linux/ARM) - @syscall59 April 22, 2019
Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks April 22, 2019
0xACB/viewgen: Payload generator to achieve RCE on .NET servers through leaking the machineKey April 22, 2019
Attacking Cloud Containers Using SSRF April 22, 2019
What goes wrong if I have your SNMP RW string for a Cisco Device? April 21, 2019

SecurityFocus Feed

Vuln: PHP Multiple Heap Buffer Overflow Vulnerabilities
Vuln: OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
Vuln: ISC BIND CVE-2018-5745 Remote Denial of Service Vulnerability
Vuln: ISC BIND CVE-2018-5741 Security Bypass Vulnerability
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Exploit-DB Feed

[webapps] Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
[webapps] Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
[local] SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
[remote] Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
[local] Evernote 7.9 - Code Execution via Path Traversal

Privacy Policy Proudly powered by WordPress