So you made a perl script to make GET requests on a list of URLs? Brilliant.
2013/6/18 MustLive <[email protected]> > Hello participants of Mailing List. > > If you haven't read my article (written in 2010 and last week I wrote about > it to WASC list) Advantages of attacks on sites with using other sites > (http://lists.webappsec.org/**pipermail/websecurity_lists.** > webappsec.org/2013-June/**008846.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html> > ), > feel free to do it. In this article I reminded you about using of the sites > for attacks on other sites > (http://lists.grok.org.uk/**pipermail/full-disclosure/** > 2010-June/075384.html<http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html> > ), > DDoS attacks via other sites execution tool (DAVOSET) > (http://lists.webappsec.org/**pipermail/websecurity_lists.** > webappsec.org/2010-July/**006832.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html> > ), > sending spam via sites and creating spam-botnets > (http://lists.webappsec.org/**pipermail/websecurity_lists.** > webappsec.org/2010-July/**006863.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html> > ) > and wrote about advantages of attacks on sites with using other sites. > > Last week I've published online my DDoS attacks via other sites execution > tool > (http://websecurity.com.ua/**davoset/<http://websecurity.com.ua/davoset/>). > It's tool for conducting > of DDoS attacks via Abuse of Functionality vulnerabilities on the sites, > which I've made in 2010. Description and changelog on English are presented > at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010). > > This is the last version of my DAVOSET. After that I've stopped its > development. But now I am planning to continue development of the software > and to release new versions (I'll release v.1.0.6 today). > > For three years I was holding this tool privately, but now released it for > free access. So everyone can test Abuse of Functionality vulnerabilities at > multiple web sites - like Google's sites, W3C and many others, which were > informed by me many times during many years (I was informing admins of web > sites about such vulnerabilities since 2007), but ignored and don't want to > fix these holes for a long time, and for example Google continued to create > new services with Abuse of Functionality and Insufficient Anti-automation > vulnerabilities, which can be used for such DoS and DDoS attacks. > > It must bring attention to the danger of these vulnerabilities (which I was > trying to do in my articles in 2010). Because in most cases owners of web > sites and web developers ignore and don't fix them. Which can be used for > DoS attacks as on other sites, as on the sites with Abuse of Functionality > vulnerabilities themselves, about which I wrote in my article Using of the > sites for attacks on other sites. > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > > ______________________________**_________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
