| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0671b3d0add161b6b2caf7804a21ea19@mail.onsec.ru> Date: Mon, 11 Jan 2010 14:26:01 +0300 From: Vladimir Vorontsov <vladimir.vorontsov@...ec.ru> To: <full-disclosure@...ts.grok.org.uk> Subject: Re [2]: iiscan results - a closer look Good day all, Give a few keys from me: 37e65b9f6a61bc3f e2dcfc0b249e4a73 de744886da78d1ac 32bd48ed74ef30e5 858c1d2b83b2ec06 On Fri, 8 Jan 2010 16:42:33 -0400, dd@...uri.net wrote: > I played with it a little yesterday and posted my thoughts (as well as > a summary of their whole scan) at: > > http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html > > It is a nice tool with some good checks looking for SQL, XSS, etc... I > just think they > didn't look deep enough in my site to check more stuff... > > > --dd > > > > On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage@...ketmail.com> > wrote: >> If anyone has any more invite codes please send one to me. >> I tried the ones posted and they were not functional. >> I also emailed support and never received a response. >> >> Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or >> Acunetix ? >> How many trials do you get per invite code? Just 1 app? >> >> Thanks! >> >> ________________________________ >> From: Jardel Weyrich <jweyrich@...il.com> >> To: p8x <l@....net> >> Cc: full-disclosure@...ts.grok.org.uk >> Sent: Thu, January 7, 2010 9:33:07 AM >> Subject: Re: [Full-disclosure] iiscan results >> >> It's probably trying to get different results/responses by changing >> the values of some request headers. The most common scenario, as far >> as I've seen, and as oddly as it might sound, is the User-Agent and >> HTTP minor version. >> >> A more verbose logging strategy would demystify. Or maybe Vincent? >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- ----------------------------------------------------------------- Best regards! Vladimir Vorontsov, security expert. ONsec: turn on security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists