On Sat, 2005-11-12 at 19:28 -0800, Morning Wood wrote:
> >First you missed the comment where I fixed my typo on the thread,
> >second, I thought someone of your "hacking" experience, you would have
> >been able to translate that message by yourself. In any case, I made
>
> umm, no I doubt I missed anything except your contentless dribble.
> but I did notice the "error" of the web application... not only is it
> vulnerable to SQL injection, it is also vuln to XSS. Possibly
> you would like to enroll in a Zone-H Hands on Hacking Seminar
> so you too might be able to understand them too, instead of filling this
> list with your paranoid, megalomaniac rants.
>
> http://www.biosmagazine.co.uk/op.php?id=314;ok<br>omg<br><b>n3td3v</b>%20rox<br>%20<br>
>
> http://www.nccgroup.com/events/index.aspx

Initially I thought he was pointing out the SQL injection himself in his
write up somewhere, personally couldn't read the article to the end -
sounded like someone who had never actually worked on a system that had
real security issues (maliciously or legitimately) combined with the
incompetent writing skills it just wasn't worth carrying on.

I don't know what is funnier, the crap he spouts, the fact he didn't
notice the most blatant SQL injection evidence you could get, or that he
flamed your ' "hacking" experience" ' because he thought you didn't know
to take the trailing slash away to get to the content.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/