Web Vectors

Onapsis|research labs – Holistic ERP security
MARC – Patch for SAP-passwords: BCODE & PASSCODE
SAP exploits – Phenoelit SAP exploits
Anatomy of Cross Site Scripting
Whitepapers – technicalinfo.net
Tales from the crypto – Cross-Site Scripting (XSS) no script required
InterN0T – Cross Site Scripting – attack and defense guide
BlackHat-EU-2010 – Lindsay-Nava-IE8-XSS-Filters-slides.pdf
Sirdarckcat – Our favorite XSS filters and how to attack them
Filter evasion – Houdini on the wire
HTML5 – HTML5 security cheatsheet
XSS – Cross Site Scripting
XSS info – Web application security forum
Web application security consortium – articles – DOM based Cross Site Scripting or XSS of the third kind
12robots.com – What’s possible with XSS?
LFI Fuzzing
Exploiting PHP file inclusion weblog
LFI..code exec..remote root!
Neohapsis labs – Local file inclusion
DigiNinja – When all you can do is read
David Robert’s blog – Lotus notes/domino security
Lotus penetration testing – Re: Lotus notes
SecTechno – Hacking Lotus domino
Hacking JBoss – Whitepaper-Hacking-jBoss-using-a-Browser.pdf
Minded security blog – Good bye critical Jboss 0day

Module browser – Metasploit penetration testing framework

Hideaway.net – Hacking Oracle application servers
OWASP – Testing for Oracle
Ngssoftware.com – OraScan
Database security – NGSSQuirreL for Oracle
Ngssoftware – papers – Hpoas.pdf
Pentestmonkey.net – MSSQL injection cheat sheet
Document Version 1.4 – SQL Injection Cheat Sheet
EvilSQL cheatsheet
Esp: for filter evasion – RSnake SQL injection cheatsheet
Mediaservice.net – SQLi Cheatsheet
MySQL injection cheat sheet
Full MSSQL injection PWNage
MS Access SQL injection cheat sheet
MS Access SQL injection cheatsheet-2
Penetration testing – Access SQL injection
Testing for MS Access – a part of OWASP Testing Guide v3
The complete guide to SQL injections
Obfuscated SQL injection attacks
Exploiting hard filtered SQL injections
SQL injection attack
LayerOne 2009-video – Advanced SQL Injection
SQLi – Advanced SQL injection L1 2009.pdf
DojoSec monthly briefings – Feb2009 – SQL injection
WebApp security forum – Obfuscation : SQL filter evasion
Sqli2.pdf
SQLTeam.com – SQL server version
Overlooked SQL injection 20071021.pdf
SQLInjectionCommentary20071021.pdf
Bypassing upload file type – Google search
Adobe responds… sort of
Secure file upload in PHP WebApp
Perishable press – Stupid htaccess tricks
Tricks and tips – Bypassing image uploaders
FCKeditor – Security FCKeditor ADS file upload vulnerability – Windows only
Cross Site Scripting scanner – Free XSS security scanner
Security Advisories – VUPEN/ADV-2009-3634 – MS IIS file extension processing security bypass vulnerability/exploit
MS ASP.NET file field control – Uploading files using the file field control
TangoCMS – Security #237 – File upload filter bypass in TangoCMS <= 2.5.0
Zeroboard file upload & extension bypass vulnerability
GNUcitizen – Cross-site file upload attacks
Script file upload security bypass vulnerability
FileUploadSecurity – SH/SC wiki