Re: [Full-disclosure] Info about attack trees
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Info about attack trees
- From: Daniel Hadfield <dan@xxxxxxxxxxxxxxx>
- Date: Fri, 25 May 2012 14:46:56 +0100
You can create an XSS with a SQLi.
If you can output on the page, you can inject HTML/JS with that variable.
On 25/05/2012 09:58, Federico De Meo wrote:
> Hello everybody, I'm new to this mailing list and to security in general.
> I'm here to learn and I'm starting with a question :)
>
> I'm looking for some information about attack trees usage in web application
> analysis.
>
> For my master thesis I decided to study the usage of this formalism in order
> to represent attacks on web applications.
> I need a lot of use cases from which to start learning common attacks which
> can help building a proper tree.
>
> From where can I start?
>
> I've already read the OWASP top 10 vulnerabilities and I'm familiar with XSS,
> SQLi, etc.; however, I've no clue on how to combine them together in order to
> perform the steps needed to attack a system. I'm looking for some examples
> and maybe for some famous attacks from which I can understand which steps are
> performed and how common vulnerabilities can be combined together. Any
> help is really appreciated.
>
>
> -------------------
> Federico.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
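
Added example (not part of the original thread): the SQLi-to-XSS combination from the reply, written as a small AND/OR attack tree so a reviewer can list the minimal scenarios and check which mitigation cuts every path to the goal. The node names, the `Node` class, the helper functions and the "request parameter echoed directly" branch are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    kind: str = "LEAF"  # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)

def scenarios(node):
    """Return the minimal sets of leaves that together achieve this node."""
    if node.kind == "LEAF":
        return [frozenset([node.name])]
    child_sets = [scenarios(c) for c in node.children]
    if node.kind == "OR":   # any single child is enough
        found = [s for sets in child_sets for s in sets]
    else:                   # AND: one scenario from every child, merged
        found = [frozenset().union(*combo) for combo in product(*child_sets)]
    # Drop supersets so only minimal scenarios remain.
    return [s for s in set(found) if not any(o < s for o in found)]

def reachable(node, blocked):
    """True if the goal is still achievable once the `blocked` leaves are mitigated."""
    blocked = frozenset(blocked)
    return any(not (s & blocked) for s in scenarios(node))

# Leaf names (constructed for this example).
SQLI = "SQL injection changes the data a query returns"
ECHO = "request parameter echoed directly"  # assumption, not from the thread
NO_ENCODING = "value written to the page without output encoding"

# Goal from the reply: an injected variable that is output on the page carries HTML/JS.
TREE = Node("attacker HTML/JS rendered in the page", "AND", [
    Node("attacker controls a value the page outputs", "OR", [
        Node(SQLI),
        Node(ECHO),
    ]),
    Node(NO_ENCODING),
])

if __name__ == "__main__":
    for s in scenarios(TREE):
        print(" + ".join(sorted(s)))
    # Fixing only the query leaves the echoed-parameter path open.
    print("after fixing SQLi only:", reachable(TREE, {SQLI}))
    # Output encoding sits on the AND branch, so it cuts every scenario.
    print("after output encoding:", reachable(TREE, {NO_ENCODING}))
```
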