vulnerability

Guys, wavsep, or the Web Application Vulnerability Scanner Evaluation Project, has been updated! We now have wavsep version 1.1.1! Our first post regarding wavsep can be found here.

“Wavsep, the Web Application Vulnerability Scanner Evaluation Project, is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This [...]


Guys, wavsep, or the Web Application Vulnerability Scanner Evaluation Project, has been updated! We now have wavsep version 1.1.0! Our first post regarding wavsep can be found here.

“Wavsep, the Web Application Vulnerability Scanner Evaluation Project, is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This [...]


If you remember, back in August this year we posted about a DoS tool that freezes an Apache web server: killapache. Recently, Miroslav Štampar, one of the co-authors of the awesome sqlmap tool, programmed a Python variant of the same attack with a few more options and called it KillApachePy.
As you remember, the vulnerability was [...]


wavsep is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners.

Wavsep contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.
What does wavsep contain?
Vulnerabilities:

Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & [...]


An unknown flaw in the code for processing byte range headers allows versions 2.2.x of the Apache Web Server to be crippled from a single PC. A suitable “Apache Killer” Perl script impressively demonstrates the problem. This has been assigned CVE-2011-3192 as its CVE identifier.

How does the killapache DDoS tool work?
killapache sends GET requests with [...]


Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important.

The most dangerous one, MS11-046, is a local privilege escalation flaw in the “afd.sys” driver. IT admins should check with their end-point [...]


CommonSense CMS suffers from a remote SQL injection vulnerability.


o2consultants-sql.txt

by Black on June 8, 2010

in External News

o2consultants suffers from a remote SQL injection vulnerability.
