Soroush Dalili (@irsdl) – سروش دلیلی

Web AppSec ninja, a semicolon enthusiast!

Skip to content

Home
Advisories
Privacy Policy

Web application security in ASP – (simple) JSP

Language of this article is Farsi (Persian).

This article is ready to download from these links:

http://soroush.secproject.com/downloadable/ASP_Security_Soroush_Dalili.pdf

or

http://rapidshare.com/files/273684865/ASP_Security_Soroush_Dalili.zip

Cheers

Soroush

This entry was posted in Security Posts and tagged final project article, soroush dalili, Web application security in ASP, Web application security in ASP - (simple) JSP, Web application security in JSP on August 31, 2009 by Soroush Dalili.

Post navigation

← Critical vulnerabilities in the website of my department! … were solved! Finding vulnerabilities of YaFtp 1.0.14 (a client-side FTP application) →

Search for:

Social

Follow me on:

Recent Posts

My MDSec Blog Posts so far in 2020! October 31, 2020
File Upload Attack using XAMLX Files September 21, 2019
Uploading web.config for Fun and Profit 2 August 15, 2019
IIS Application vs. Folder Detection During Blackbox Testing July 9, 2019
Danger of Stealing Auto Generated .NET Machine Keys May 10, 2019
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again! May 4, 2019
Exploiting Deserialisation in ASP.NET via ViewState April 23, 2019
Yet Other Examples of Abusing CSRF in Logout April 23, 2019
How to win BIG and even more! April 17, 2019
Finding and Exploiting .NET Remoting over HTTP using Deserialisation March 26, 2019
More research on .NET deserialization December 19, 2018
Feel honoured to be there again after 8 years: Top 10 Web Hacking Techniques of 2017 December 19, 2018
Story of my two (but actually three) RCEs in SharePoint in 2018 December 19, 2018
ASP.NET resource files (.RESX) and deserialization issues August 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online August 12, 2018

Archives

Blog Tags

Web Security Research

The curl quirk that exposed Burp Suite & Google Chrome March 28, 2023
Exploiting prototype pollution in Node without the filesystem March 24, 2023
PHP filter chains: file read from error-based oracle March 22, 2023
Go语言项目容器化导致的Server-Side MIME Sniff - Server-Side MIME Sniff Caused by Go Language Project Containerization March 21, 2023
NPM request Library SSRF Cross Protocol Redirect Bypass March 16, 2023
Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability March 2, 2023
Empowering weak primitives: file truncation to code execution with Git February 28, 2023
SSO Gadgets: Escalate (Self-)XSS to ATO February 24, 2023
Unsafe fall-through in Sequelize' getWhereConditions February 24, 2023
Exploiting Parameter Pollution in Golang Web Apps February 22, 2023

reddit.com netsec Channel Feed

Developing a Robust Vulnerability Detection Tool for ink! April 1, 2023
"Alexa, what is my wifi password?" by Daniel, a 14 year old developer April 1, 2023
The Defender's Guide to the 3CX Supply Chain Attack - How it happened, why it matters, and what's being done about it April 1, 2023
Exploiting Hibernate Injection in "Order by" Clause (Oracle database) April 1, 2023
Leveraging LLMs for solving bounty hunting pain points April 1, 2023

SecurityFocus Feed

Exploit-DB Feed

[webapps] GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
[remote] AD Manager Plus 7122 - Remote Code Execution (RCE)
[local] Splashtop 8.71.12001.0 - Unquoted Service Path
[webapps] perfSONAR v4.4.5 - Partial Blind CSRF
[webapps] XCMS v1.83 - Remote Command Execution (RCE)

Privacy Policy Proudly powered by WordPress