SEARCH RESULTS
 
Showing 1-3 of 3 records

ColdFusion: Hack Me or Help Me

2008-08-28 10:13:00 by Russ McRee in HolisticInfoSec.org
...ColdFusion I've been picking on ColdFusion-built apps again a bit lately, and one of my observations has been that consistently, if mismanaged, the verbose error reporting features in ColdFusion can be really problematic HIO-2008-0713 JOBBEX JobSite SQLi & XSS HIO-2008-0729 BookMine SQLi & XSS Recently, I stumbled on an example of way too...
 
 
 
 
 

Hype Alert: Internet Shopping Carts Are Secure

2008-09-26 15:00:00 by Russ McRee in HolisticInfoSec.org
...ColdFusion again, but man, they make it easy GM Parts Direct: Your Shopping Cart jumped right out at me for a number of reasons First, I sensed XSS vulns lurking like a Geiger counter senses radiation. Sound effect for edification Second, the page contained one of the growing number of aforementioned conversion-driving website security seals...
 
 
 
 
 

XSS Comedy III: Tax Cheats with Small Equipment

2008-11-12 16:52:00 by Russ McRee in HolisticInfoSec.org
 
...ColdFusion application built by Internet Direct Response (IDR), the wankers who proudly bring you Maxoderm, Vivaxa, Vazomyne, Smoke Away, and Hydroxydrene; all such reputable products, and all repetitively wearing me out via DirectTV. At the ExtenZe site I spotted a variable that seemed worthy of building a Googledork from, and I soon...
 
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia