http://startupsecurity.info/blog/2008/11/06/typical-injection-points-in-a-web-application/ Security, for Startups Mon, 21 Sep 2009 16:57:21 +0000 http://wordpress.org/?v=2.9 hourly 1 http://startupsecurity.info/blog/2008/11/06/typical-injection-points-in-a-web-application/comment-page-1/#comment-14 Jason Likert Fri, 07 Nov 2008 21:32:01 +0000 http://startupsecurity.info/?p=79#comment-14 I've seen some patterns of using Contact Forms to exploit shoddy application logic or to execute denial of service attacks. In both cases an unprotected, or abysmally protected, Contact Form (without hidden form manipulation) was used to display customer data or use the form to generate thousands of spam messages to inundate the application. I’ve seen some patterns of using Contact Forms to exploit shoddy application logic or to execute denial of service attacks. In both cases an unprotected, or abysmally protected, Contact Form (without hidden form manipulation) was used to display customer data or use the form to generate thousands of spam messages to inundate the application.

]]>