Hardly a day goes by that we don't hear new information about some company getting themselves hacked. Sure they all have firewalls, but HOW are the hackers getting in? I was hired to perform an application security audit for a local university. They wanted to make sure that they didn't become part of the growing statistics.

Exploit Video (9mb Download)
Exploit Fixed (1mb Download)

What you've just witnessed is an applicaiton vulnerability. I didn't attack the operating system, I simply interacted with and manipulated data given to me by the web server. As you can see, these attacks are staggeringly simple.

The link for this article located at Appiant.net is no longer available.