Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, semicolon character enthusiast!

Skip to content

Home
Advisories
Archives
Privacy Policy

Monthly Archives: August 2009

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Articles and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Search for:

Social

Follow me on:

Recent Posts

ASP.NET resource files (.RESX) and deserialization issues August 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online August 12, 2018
WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour August 12, 2018
SMB hash hijacking & user tracking in MS Outlook August 12, 2018
Bug Bounty vs Penetration Testing (Simple Unbiased Comparison) February 20, 2018
Rare ASP.NET request validation bypass using request encoding February 20, 2018
Additional notes on “A Forgotten HTTP Invisibility Cloak” talk! September 1, 2017
Request encoding to bypass web application firewalls August 24, 2017
When a web application SSRF causes the cloud to rain credentials & more August 24, 2017
CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers August 24, 2017
Using Firefox Profiles in Security Testing May 1, 2017
Flash it baby! October 1, 2016
Common Security Issues in Web-Based Payment Systems (& Gambling Apps) June 11, 2015
Interesting XML Processing in Copy/Paste in Word and Outlook March 31, 2015
Non-Root-Relative Path Overwrite (RPO) in IIS and .Net applications February 23, 2015

Archives

Blog Tags

reddit.com netsec Channel Feed

Peaking Behind the Curtains of Serverless Platforms August 17, 2018
Open/Unvalidated Redirects and Forwards (What they are, how to find them, how to exploit them, and how to fix them) August 17, 2018
Singularity of Origin: A DNS Rebinding Attack Framework August 17, 2018
File Operation Induced Unserialization via the “phar://” Stream Wrapper August 17, 2018
Commercial Cryptographic Key Management in 2018 August 17, 2018

SecurityFocus Feed

Vuln: Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
Vuln: Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
Vuln: Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Exploit-DB Feed

[webapps] ADM 3.1.2RHG1 - Remote Code Execution
[dos] Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
[webapps] Mikrotik WinBox 6.42 - Credential Disclosure (golang)
[dos] CEWE Photoshow 6.3.4 - Denial of Service (PoC)
[dos] Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl

Privacy Policy Proudly powered by WordPress