Web application firewall bypass with an XSS attack
In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF. Such an attack is possible by exploiting a cross-site scripting vulnerability in the log viewer facility of the dotDefender admin interface. Watch the video below for a more in-depth explanation of the attack. From the video below one can also learn and understand the importance of having secure web applications, especially if they are to be accessed by trusted administrators. As we’ve seen, while the administrator is doing his job (checking out the log files), a vulnerability is exploited and, without knowing, he opens the doors for hackers!
More info and video demo: http://www.acunetix.com
andry- Moderator
- Posts : 467
Join date : 2010-05-07