From: Beau Mersereau (bm@fr.com)
Date: Thu Feb 09 2006 - 13:24:16 EST
Webblaze is the browser based version of Summation. It only runs on
IIS. Most likely the back end will not be a SQL based database. While
Summation does have a SQL back end for their product, very few law firms
are running the SQL back end. SQL back end product is fairly new. The
DB is fairly proprietary.
Summation is used for Litigation Support.
-----Original Message-----
From: Ailton Caetano [mailto:guerrilha@gmail.com]
Sent: Thursday, February 09, 2006 6:51 AM
To: pen-test@securityfocus.com
Subject: Re: Penetration test of 1 IP address
Hi you all,
Well, google told webblaze is a web aplication used by Law firms written
in asp (its login page is login.aspx), so they must be running some
version of IIS. Trying to access a non-existent folder could give you
the web server's name and version. You should also look for some sql
injection possibility on the login page...
2006/2/8, Dave <dlaud.flux@gmail.com>:
>
> >To all:
> >
> >I have been asked to perform a security audit of 1 IP address for
client.
> >They have given me the 1 IP address and a clue (webblaze).
> >
> >If I enter the IP address and then /webblaze, I am taken to a login
> >page (user name and password requested).
> >
> >What tools would you recommend that I use for this assignment?
> >
> >
> nmap and nessus will tell you more about the IP and what other
> services are running that you might be able to exploit. If they just
> want you to test the strength of the webpage login then possibly using
> Brutus will reveal weak passwords etc... although this is generally a
bad idea.
> Right off hand, I cant look now, but webblaze may be a publicly
> available script...download it and check the source for any possible
> coding errors that could be exploited.
>
> >Thanks for your help.
> >
> >Regards,
> >
> >
> >Edmond
> >
> >
> good luck and take it easy,
> dave
>
>
> ----------------------------------------------------------------------
> -------- Audit your website security with Acunetix Web Vulnerability
> Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site
scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------
> ---------
>
>
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT