had to save this for posterity. ;-)

Connection String Parameter Pollution:

http://www.informatica64.com/csppScanner.aspx

more info here:

[Whitepaper – PDF] http://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdf

and

[Slides] http://www.slideshare.net/chemai64/connection-string-parameter-pollution-attacks-3057114

and

[Report] http://www.darkreading.com/database_security/security/vulnerabilities/showArticle.jhtml?articleID=222600894

So a bunch of you have emailed and/or asked for the mini installer from my “Metasploit Framework as a Payload” post. I got permission to post it up on my site. HOWEVER, new builds of both mini and the larger installer will be coming soon, so keep checking back for updates on Metasploit.com for updates on that.

Here are the links to the files:

mini-3.3-dev.exe (5.9M)

framework-3.3-dev-mini.exe (11.5 M)

framework-3.3-dev.exe (20.8M)

The two mini’s have a different amount of code taken out of them, so find what works best for you and your needs.

Also, you can download the deploymsf.rb and more on my Scripts and Programs tab as well as the link.

So here is the basic jist, you got a blob of code, you have to find the vulnerable part. And the next post explains where it and why it is the way it is. The technical equivalent to a daily crossword.

http://spotthevuln.com/

Read this:

http://code.google.com/p/doctype/wiki/ArticleFlashSecurity

Then this:

http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/

Then this:

http://carnal0wnage.blogspot.com/2009/11/decompiling-flash-files-with-swfscan.html

Also, attend one of Kevin Johnson’s talk on the subject, not sure if his stuff is posted anywhere yet though.