Thanks Haren for the information! Now am just wondering why not we also have the above ADS as a test case along with most other top ten vulnerabilities. I am sure, no one individual or any tool usually have this feature. Using this feature, not just an executable rather malicious server include files (say: ASP, ASPX, JSP, JavaScript, etc) can also be appended with legitimate server source file which when actually browsed in client browser, we shall see if something happens or etc. I understand this is not possible directly without having access to server, but there is way. We just need to find out any kind of File/Media upload or download mechanism in application and upload ADS based file. What do you say?
Can any of you do this in your regular application security testing if possible and let us know the results. Regards Sandeep Thakur -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
