Re: Thanks for the feedback and NAT-hide question



Hi,

On Sun, 6 Aug 2006 18:23:58 -0700
"Erin Carroll" <amoeba@xxxxxxxxxxxxxx> wrote:

As nobody commented on this, I give it a shot.

webservers. How do you get around those obstacles in order to get valid
responses/results and possible find an exploitable hole in Weblogic?

If I understood correctly, the web-servers are supposed to provide
information for public Internet and sits behind load-balancer. If it
isn't so, then my suggestion can be ignored.

IPS: none (inline, possible management interface on 10.1.1.0/24)
DMZ router: 256.12.1.15 (ACL for allow 80/443. 256.12.1.15 public IP nats to
various internal IP's. 80/443 traffic routed to LB VIP)
LB: 10.2.1.12 VIP
Webservers: 10.2.2.0/24

I'd just try to enforce HTTPS in my requests to bypass the IPS and find
a vulnerability in the web-application or Weblogic itself. If there is
a state to be kept, then the load-balancer would direct my requests to
the same server.

-m-

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------



Relevant Pages

  • Re: IM exploitable vulnerabilities .. any pointers?
    ... As attacks through web applications continue to rise, ... > most comprehensive solutions to meet your application security penetration ... Download FREE whitepaper on how a managed service can ...
    (Vuln-Dev)
  • RE: Download Core Impact
    ... As attacks through web applications continue to ... Download FREE whitepaper on how a managed service ... most comprehensive solutions to meet your application security penetration ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • RE: Pen-Test as a favor
    ... Download FREE whitepaper on how a managed service ... As attacks through web applications continue to rise, ... most comprehensive solutions to meet your application security penetration ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Walmart using WEP
    ... >most comprehensive solutions to meet your application security penetration ... Download FREE whitepaper on how a managed service can ... As attacks through web applications continue to rise, ...
    (Pen-Test)
  • FW: Some new SSH exploit script?
    ... As attacks through web applications continue to rise, ... how a managed service can help you: ... most comprehensive solutions to meet your application security penetration ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)