When you're trying to get around input validation: updateList=../../../../../usr/include/sys__types__../_types/../../../../../../etc/passwd
Replying to @ChrisJohnRiley
@ChrisJohnRiley oh it's just a web app that i'm testing that uses underscores as a delimiter/tokenizer. It turns into a valid path to passwd
Replying to @ndouba
@ndouba Does go to show though… automated scans are fine, but intelligent manual testing is king ;) #JobSecurity4Lyfe
Replying to @ChrisJohnRiley
@ChrisJohnRiley dude... totally agree with you on that. Makes me cringe whenever I meet a client that asks what scanners I'll be using
Replying to @ChrisJohnRiley
@ChrisJohnRiley Wishful thinking :) It would probably put 99% of "infosec" firms in the 100% auto testing category ;) Would look really bad
Replying to @ChrisJohnRiley
@ChrisJohnRiley i think we need to make a list of charlatans like @attritionorg that's crowd sourced :D
@ndouba @ChrisJohnRiley been discussed at length many times over the years. many pitfalls and challenges.