Re: Penetration test of 1 IP address

From: Dave (dlaud.flux@gmail.com)
Date: Thu Feb 09 2006 - 11:14:29 EST


John Forristel (SunGard-Chico) wrote:

>WebBlaze is a way for lawyers to share documents. As Dave mentioned,
>scan the machine with nmap, Nessus, and other tools. Be careful with
>Brutus, you can lock out accounts very quickly and your information is
>logged for all to see. WebBlaze is a webform, not a listening protocol,
>so it may be that the software is using a local database to store login
>information. Try gaining access without using WebBlaze.
>
May I ask why you recommended trying to gain access without using
WebBlaze? As you said previously, WebBlaze could be using a database to
hold valuable information etc... doesn't *possible* SQL injection come
to mind? The pen tester could potentially get a wealth of information
even if the box can't be cracked.

>Then look on the website for the company you are trying to penetrate.
>Email addresses make for good login material.
>
>Check to see if there is a default password for WebBlaze and try that.
>
>My $1.32 (2 cents + inflation)
>
>John Forristel
>Network Security Analyst
>SunGard Bi-Tech
>
>"You don't have to lie to me, we aren't married."
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT