[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re [2]: iiscan results - a closer look

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Re [2]: iiscan results - a closer look
From: Vladimir Vorontsov <vladimir.vorontsov@xxxxxxxx>
Date: Mon, 11 Jan 2010 14:26:01 +0300

Good day all, 

Give a few keys from me:

37e65b9f6a61bc3f        
e2dcfc0b249e4a73
de744886da78d1ac
32bd48ed74ef30e5
858c1d2b83b2ec06

On Fri, 8 Jan 2010 16:42:33 -0400, dd@xxxxxxxxxx wrote:
> I played with it a little yesterday and posted my thoughts (as well as
> a summary of their whole scan) at:
> 
> http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html
> 
> It is a nice tool with some good checks looking for SQL, XSS, etc... I
> just think they
> didn't look deep enough in my site to check more stuff...
> 
> 
> --dd
> 
> 
> 
> On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage@xxxxxxxxxxxxxx>
> wrote:
>> If anyone has any more invite codes please send one to me.
>> I tried the ones posted and they were not functional.
>> I also emailed support and never received a response.
>>
>> Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or
>> Acunetix ?
>> How many trials do you get per invite code? Just 1 app?
>>
>> Thanks!
>>
>> ________________________________
>> From: Jardel Weyrich <jweyrich@xxxxxxxxx>
>> To: p8x <l@xxxxxxx>
>> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
>> Sent: Thu, January 7, 2010 9:33:07 AM
>> Subject: Re: [Full-disclosure] iiscan results
>>
>> It's probably trying to get different results/responses by changing
>> the values of some request headers. The most common scenario, as far
>> as I've seen, and as oddly as it might sound, is the User-Agent and
>> HTTP minor version.
>>
>> A more verbose logging strategy would demystify. Or maybe Vincent?
>>
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
-----------------------------------------------------------------
Best regards!
Vladimir Vorontsov, security expert.
ONsec: turn on security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] iiscan results - a closer look
  - From: dd

Prev by Date: [Full-disclosure] Download and LoadLibrary shellcode released
Next by Date: Re: [Full-disclosure] iAWACS 2010 : Rules of the PWN2KILL contest
Previous by thread: Re: [Full-disclosure] iiscan results - a closer look
Next by thread: [Full-disclosure] bugs for sale
Index(es):
- Date
- Thread