
Files from Shreeraj Shah

Email address: shreeraj at blueinfy.com
First Active: 2000-08-02
Last Active: 2008-06-02

blindsql.pdf
Posted Jun 2, 2008
Authored by Shreeraj Shah | Site blueinfy.com

Whitepaper discussing blind SQL injection discovery and exploitation techniques. It describes how to deal with blind SQL injection on ASP/ASP.NET applications running with access to XP_CMDSHELL.

tags | paper, sql injection, asp
SHA-256 | 38f99722128efd5e6ad90e4e47213ad4e80f38e80cd65725de7307d4dc245cf1
D1T1_-_Shreeraj_Shah_-_Securing_Next_Generation_Applications_-_Scan_Detect_and_Mitigate.zip
Posted Apr 21, 2008
Authored by Shreeraj Shah | Site conference.hitb.org

Securing Next Generation Applications - Scan, Detect, and Mitigate.

SHA-256 | d19c2013f9c13ff698a8b10c146857e5fd1996461317ffb2e89134213d493121
Top_10_Ajax_SH_v1.1.pdf
Posted Dec 6, 2006
Authored by Shreeraj Shah

Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".

tags | paper
SHA-256 | 1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93ef
Top10_Web2.0-AV.pdf
Posted Nov 7, 2006
Authored by Shreeraj Shah

Whitepaper discussing attack vectors for Web 2.0 applications. Web 2.0 is the novel term coined for new generation Web applications. start.com, Google maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice.

tags | paper, web
SHA-256 | 23b78dfb2fcd2a2e7ec93abd2ab89b20a676a3f0dfa6408fc46bf16a6cdd1988
MSN_Search_For_WebApp.pdf
Posted Dec 7, 2005
Authored by Shreeraj Shah | Site net-square.com

Whitepaper entitled 'Web Application Footprinting and Assessment with MSN Search Tricks'.

tags | paper, web
SHA-256 | 21fa9f7a4c5cc5110927a0d58b634ca2cc3a52a3998262dfccb65e1141516e43
TT-Shreeraj-Shah-Webhacking-Kungfu.pdf
Posted Oct 11, 2005
Authored by Shreeraj Shah

Web Hacking Kung-Fu and Art of Defense - Web attacks are on the rise and new methods of hacking are evolving. This presentation covers the new methodologies for web application footprinting, discovery and information gathering with a new range of tools.

tags | web
SHA-256 | 4f5e29a13a9a3f08a42d17d1c4729596c7602ec6f82c8722ba9f630ca7c3ecff
browser_ident.pdf
Posted Aug 17, 2005
Authored by Shreeraj Shah | Site net-square.com

White paper discussing web browser identification and how proper identification can enable a remote site to know what attacks to use against a visitor.

tags | paper, remote, web
SHA-256 | af292d7644b45c3e998a980f23ff821b434d866040446022bb3ee6a5b46b07a2
NS-051805-ASPNET.pdf
Posted Aug 14, 2005
Authored by Shreeraj Shah | Site net-square.com

Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.

tags | advisory, web, sql injection, asp
SHA-256 | 236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8c
domain_footprints.pdf
Posted Aug 14, 2005
Authored by Shreeraj Shah | Site net-square.com

White paper called Domain Footprint for Web Applications and Web Services.

tags | paper, web
SHA-256 | 334c5dacdca8cb229f4e6fcd4408159edff35ea5eb82f949449c0fe623215485
WebServices_Profiling.pdf
Posted Mar 25, 2005
Authored by Shreeraj Shah | Site net-square.com

Whitepaper discussing the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services.

tags | paper, web
SHA-256 | d845104342be64b7e0981391fa4587731812589b1eaa8df8bb900cb3c06d39eb
WebApp_HTTPMod.pdf
Posted Mar 25, 2005
Authored by Shreeraj Shah | Site net-square.com

Web Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule that comes with the .NET Framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.

tags | paper, web
SHA-256 | 6caf1ed5d6a9f25b75acf4adba7d8d25877548097bc1e32c33cbdd10fce7536c
WebApp_Footprints_Disco.pdf
Posted Feb 23, 2005
Authored by Shreeraj Shah | Site net-square.com

White paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.

tags | paper, web
SHA-256 | 51f2b357535a04ed528e35ff209d1544050e9ec8990d03bddf56be14b2c0d5c0
WebServices_Info_Gathering.pdf
Posted Jan 27, 2005
Authored by Shreeraj Shah | Site net-square.com

Whitepaper discussing the scope of information gathering used against web services. First in a series of papers defining attack and defense methodologies with web services.

tags | paper, web
SHA-256 | 41051ad1f79babf058f6e50a6da49759baee349f285fbc702e91c39d819f38f8
Defense_using_mod_security.pdf
Posted Jan 12, 2005
Authored by Shreeraj Shah | Site net-square.com

A thoroughly written white paper discussing how to defend web services using mod_security.

tags | paper, web
SHA-256 | bff27e41da0ed96737c94d7f79f29f3432e83dda6ab0b1eed20e27122f946d50
FS-073100-10-BEA.txt
Posted Aug 2, 2000
Authored by Shreeraj Shah | Site foundstone.com

Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially allow an attacker to gain administrative control of the underlying operating systems.

tags | exploit, web, arbitrary, root
SHA-256 | efe85f651d73615fb6cff13785c85e629c1d6000de550891afe91b7b8b3f8677