Hi Sandeep , Not a bad idea, but i don't think so this would work for testing ASP, ASPX, etc.. I think the primarily goal of this application can be used for Incident Responce and Forensics.
Regards:Haren On Tue, Sep 14, 2010 at 7:34 PM, Sandeep Thakur <[email protected]>wrote: > Thanks Haren for the information! > > Now am just wondering why not we also have the above ADS as a test > case along with most other top ten vulnerabilities. I am sure, no one > individual or any tool usually have this feature. Using this feature, > not just an executable rather malicious server include files (say: > ASP, ASPX, JSP, JavaScript, etc) can also be appended with legitimate > server source file which when actually browsed in client browser, we > shall see if something happens or etc. I understand this is not > possible directly without having access to server, but there is way. > We just need to find out any kind of File/Media upload or download > mechanism in application and upload ADS based file. What do you say? > > Can any of you do this in your regular application security testing if > possible and let us know the results. > > > Regards > Sandeep Thakur > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > > -- Thanks & Regards: Haren Bhatt | Security Analyst |MCSA |SCSA |ENSA |CEHv5 |ECSA-LPT . Blog : http://security-culture.blogspot.com/ "We Have A Culture Of Security." NOTICE:This communication is meant only for the addressee(s) named above and may contain information which is and/or legally privileged. If you are not the named addressee(s), or the agent responsible for receiving and delivering this communication to the named addressee(s), this communication has been sent to you in error, please notify the sender and delete all copies. If so, kindly contact us immediately for retrieval purposes. Unauthorized dissemination, distribution, copying or reliance on this communication is prohibited and may attract criminal penalties. For privacy reasons all the addressee(s) may be hidden. -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
