Ron, I keep reading over your post, but I fail to see you say anything.
php "coding", as you say, is something that should be left only to the security experts on these lists - to this I agree. I suggest you move back to exploiting zenomorph styled SSI bugs in web statistic packages, and leave the complex arena of XSS/php bugs to those of us with a clue.

Thanks.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Tue, 15 Jul 2003, R. DuFresne wrote:

>
> Of course, php coding is not for the weak at heart, and should be done
> carefully, with strong/strict filtering of in and output to help limit sec
> related code issues. PHP seems to be the language of choice for xss these
> days.
>
> Thanks,
>
> Ron DuFresne
>
> On Tue, 15 Jul 2003 [EMAIL PROTECTED] wrote:
>
> > I think you're looking for a combination of these two PHP pages. They use Nmap to
> > scan.
> >
> > http://www.davidquintana.com/projects/nmapwebfe/nmapwebfe.html
> >
> > The second site is now down so e-mail me directly for the code. The code is for
> > scanning yourself but with only the basic flags. It's also complete.
> >
> > I can't get them to work on servers with the latest version of PHP, and don't know
> > why, so if you get them working could you please let me know. The problem is with
> > the exec() statement.
> >
> > Ben
> >
> > -----Original Message-----
> > From: Domingos Costa [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, July 15, 2003 12:00 PM
> > To: [EMAIL PROTECTED]
> > Subject: Vuln scan tool for web
> >
> > Hello,
> >
> > I'm looking for a web tool that allows a user connected to my lan scan his own
> > computer for
> > vulnerabilities. It's something similar to ShieldsUP! at grc.com, but I wanna put
> > it inside my lan,
> > at a web server and the user can just click on to start probing his ports. Do you
> > know some tool??
> > I'm working with linux slackware.
> >
> > Thanks.
> >
> > ---------------------------------------------------------------------------
> > Your network Firewall and IDS products do not prevent Web application
> > exploits - the most common form of online attack - resulting in Web
> > defacement, data theft, sabotage and fraud.
> >
> > KaVaDo is the first and only company that provides a complete and an
> > integrated suite of Web application security products, allowing you to
> > assess your entire environment, automatically set positive security
> > policies and maintain it without compromising business performance.
> >
> > For more information on KaVaDo and to download a FREE white paper on Web
> > applications - security policy automation, please visit:
> > http://www.kavado.com/ad.htm
> > ----------------------------------------------------------------------------
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
