Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [WEB SECURITY] AttackAPI (0.7)
> -----Original Message-----
> From: pdp (architect) [mailto:pdp.gnucitizen@xxxxxxxxxxxxxx]
> Sent: Saturday, September 16, 2006 2:22 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx;
> websecurity@xxxxxxxxxxxxx; webappsec@xxxxxxxxxxxxxxxxx;
> bugtraq@xxxxxxxxxxxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx;
> security-basics@xxxxxxxxxxxxxxxxx
> Subject: [WEB SECURITY] AttackAPI (0.7)
>
>
>
> Client Enumeration
> Server Enumeration
> AuthorizationForcer
> ExtensionScanner
> HistoryDumper
> NetworkSweeper
> PortScanner
> Utils
> JavaScriptShell
> UsernameScanner
> URLScanner
> Base64Encoder
> +
> RequestBuilder
>
> Now it can compose requests, fetch text and binary files, scan for
> usernames, scan URLs. This pretty much proves that JavaScript can be
> used for quite a lot malicious stuff without breaking the rules.
>
> --
> pdp (architect)
>
>
|
