
19 September 2013

Comments

I like your writeup and love to see how you are breaking in. But I had to notice that just about all the examples ended up getting admin passwords or hashes. Maybe the biggest problem isn't the one server vulnerable to JBoss or 08_067, but rather that any random server/workstation has creds with remote-admin privileges lying around and that weak creds like passwords (and hashes) are accepted around the network. Although that might be harder to fix, since it would involve changing admins' behavior.
