This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.
32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7b
MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473
TomatoCart version 1.1.8.6.1 suffers from a cross site scripting vulnerability.
79fa551178c89cd026702176897012baab890d8c7eba697d2cb60aa11162509c
Pizza Inn Registration suffers from a persistent cross site scripting vulnerability.
5a1edb79b7fe3d9798b3fa1e02d42acaf8165ce59f390a7d27dbc6a0528d5111
OKCupid server error pages suffered from a cross site scripting vulnerability.
55b9edd72c42fe42439c54b83648a6ae9a40cbf862490bd921f0a61780685848
Your Online Shop suffers from a reflective cross site scripting vulnerability.
8a1368e00d3bdd6c67cc3a0fb225fcffbf5805b7e49ded4b9610a5024c9e2a91
Exponent CMS version 2.3.0 suffers from a POST reflective cross site scripting vulnerability.
8de9029830cf1e4c70982c3606140b89c2335ac9e0895a778b8774e36b32e9e2
WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.
b7c554cd3d39594ec433361de09accd00a8298b232665ded7801c40c285494bb
OpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities.
b865110065c53e1f31eed37d7378c899a40f17fdecd48dbbcec488cf1491d1be
Addressbook versions 8.1.24.1 and 8.2.5 suffer from a cross site scripting vulnerability in Group Name.
20aebf2bfe9b011017e46733e1177c025ebc2f405f02f295a97fb67315a1919d
Front Account version 2.3.13 and OpenDocMan version 1.2.6.2 render uploaded HTML in the DOM allowing for malicious javascript insertion that can enable cross site scripting attacks.
39b7dc1d98dc77b0a1fe1263b285315dc66fe88c63545e29291abfda9cf4a8f1
Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".
61c4df4f6cd97bb1f07965a78034ff548b67189ecc2115b7f28bbf34efe4e5d2
Presentation entitled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" from the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these vulnerabilities via real world cases.
864d22be9ea2fbe90fc389e48dd1b7e860db2d314108cd24933a16b4659c7ec8
Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials.
c45af487c7e701523e3170d31c0f127bc7bab3856ae1e9d76f301b7c98ab5dcd
This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
3ab52b06315c51be5592e0eb263596d926684a34f932ce28649184d7e7e1d185
Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
0709918fda79c675a96d4652e41493a81d31f543e718af8b4e99466278e268a4