Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Odd things going on at the ChoicePoint Web site

from [Jeff Robertson] Network Security [Permanent Link]
Subject: RE: Odd things going on at the ChoicePoint Web site
Date: Tue, 22 Feb 2005 07:47:51 -0500 
Is this the same ChoicePoint mentioned in this newspaper article?

http://www.11alive.com/news/news_article.aspx?storyid=59302



Jeff Robertson
Manager of Web Application Security
Digital Insight



-----Original Message-----
From: Daniel [mailto:deeper@gmail.com]
Sent: Monday, February 21, 2005 07:26
To: Richard M. Smith
Cc: webappsec@securityfocus.com
Subject: Re: Odd things going on at the ChoicePoint Web site


Whilst the site should be inspecting all input being passed back for
execution (i mean we are 2005 now and OWASP has been around for long
enough now), it does seem that your quotes are causing issues.

On a legal note, if you were based in the UK now, you would have
Scotland yards Computer Crime Unit arresting you under section 1 of
the computer misuse act :(

Have you contacted Checkpoint?




On Sun, 20 Feb 2005 20:33:50 -0500, Richard M. Smith
<rms@computerbytesman.com> wrote:

Hi,

I just noticed something odd at the ChoicePoint Web site
(http://www.choicepoint.com).  If I try to search for a double quote
character using the little search box at the top of the 

home page, I don't

get a search results page and instead the ChoicePoint 

search engine returns

a HTTP 500 error code (Internal server error).  Is this 

behavior a sign of

bigger problems with the ChoicePoint search engine?

Also is there any method of determining who's Web site search engine
ChoicePoint is using?  The base URL for a search results page is:

http://www.choicepoint.com/catalog.nsf/cpsearchresults

Thanks,
Richard M. Smith
http://www.ComputerBytesMan.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Software security specifications, Angelo Perniola
Next by Date:  Copying files from one server to another., Eric Boughner
Previous by Thread:  Re: Odd things going on at the ChoicePoint Web site, Bill Pennington
Next by Thread:  RE: Odd things going on at the ChoicePoint Web site, Richard M. Smith
Indexes:  [Date] [Thread] [Top] [All Lists]