[nsp-sec] #RefRef

Jose Nazario jose at arbor.net
Wed Aug 10 09:44:47 EDT 2011


FYI

our quick testing this morning suggests:

	- works against mysql, not against postgres
	- requires that SQLi already be a problem on the site

many sites have these issues, including some sites for big orgs which use lousy CMSes (e.g. wordpress) with known bugs. easily thwarted: mod_security, a WAF, an update, proper db perms, etc ...

On Aug 10, 2011, at 9:42 AM, King, Link wrote:

> ----------- nsp-security Confidential --------
> 
> Thanks!
> 
> -Link
> 
> On Aug 10, 2011, at 5:59 AM, Dave Burke wrote:
> 
>> http://www.refref.org/p/refref.html has the perl version of the code.
>> 
>> dave
>> 
>> On 04/08/2011 18:16, King, Link wrote:
>>> ----------- nsp-security Confidential --------
>>> 
>>> Hi folks.
>>> 
>>> Has anyone been able to get a hold of or have any specific
>>> information on this tool that appears to be in development?  If so,
>>> I'd certainly be interested in anything anyone has.  Thanks!
>>> 
>>> -- Link King link.king at neustar.com
>>> 
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>> 
>>> Please do not Forward, CC, or BCC this E-mail outside of the
>>> nsp-security community. Confidentiality is essential for effective
>>> Internet security counter-measures.
>>> _______________________________________________
>> 
> 
> Link King
> link.king at neustar.com

_____________________________
jose nazario, ph.d. jose at arbor.net
sr. manager of security research, arbor networks
blog:    http://asert.arbor.net/
twitter: @arbornetworks




