Hi, 
Guest
Pic
Sign In

websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

DDoS attacks via other sites execution tool

M
MustLive
Tue, Jun 18, 2013 8:39 PM

Hello participants of Mailing List.

After you read my last article
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html),
where I reminded you about using of the sites for attacks on other sites,
DDoS attacks via other sites execution tool (DAVOSET), sending spam via
sites and creating spam-botnets and wrote about advantages of attacks on
sites with using other sites (those articles I wrote in 2010), here is new
information for you.

Last week I've published online my DDoS attacks via other sites execution
tool (http://websecurity.com.ua/davoset/). It's tool for conducting
of DDoS attacks via Abuse of Functionality vulnerabilities on the sites,
which I've made in 2010. Description and changelog on English are presented
at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010).

This is the last version of my DAVOSET. After that I've stopped its
development. But now I am planning to continue development of the software
and to release new versions (I'll release v.1.0.6 today).

For three years I was holding this tool privately, but now released it for
free access. So everyone can test Abuse of Functionality vulnerabilities at
multiple web sites - like Google's sites, W3C and many others, which were
informed by me many times during many years (I was informing admins of web
sites about such vulnerabilities since 2007), but ignored and don't want to
fix these holes for a long time, and for example Google continued to create
new services with Abuse of Functionality and Insufficient Anti-automation
vulnerabilities, which can be used for such DoS and DDoS attacks.

It must bring attention to the danger of these vulnerabilities (which I was
trying to do in my articles in 2010). Because in most cases owners of web
sites and web developers ignore and don't fix them. Which can be used for
DoS attacks as on other sites, as on the sites with Abuse of Functionality
vulnerabilities themselves, about which I wrote in my article Using of the
sites for attacks on other sites
(http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Hello participants of Mailing List. After you read my last article (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html), where I reminded you about using of the sites for attacks on other sites, DDoS attacks via other sites execution tool (DAVOSET), sending spam via sites and creating spam-botnets and wrote about advantages of attacks on sites with using other sites (those articles I wrote in 2010), here is new information for you. Last week I've published online my DDoS attacks via other sites execution tool (http://websecurity.com.ua/davoset/). It's tool for conducting of DDoS attacks via Abuse of Functionality vulnerabilities on the sites, which I've made in 2010. Description and changelog on English are presented at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010). This is the last version of my DAVOSET. After that I've stopped its development. But now I am planning to continue development of the software and to release new versions (I'll release v.1.0.6 today). For three years I was holding this tool privately, but now released it for free access. So everyone can test Abuse of Functionality vulnerabilities at multiple web sites - like Google's sites, W3C and many others, which were informed by me many times during many years (I was informing admins of web sites about such vulnerabilities since 2007), but ignored and don't want to fix these holes for a long time, and for example Google continued to create new services with Abuse of Functionality and Insufficient Anti-automation vulnerabilities, which can be used for such DoS and DDoS attacks. It must bring attention to the danger of these vulnerabilities (which I was trying to do in my articles in 2010). Because in most cases owners of web sites and web developers ignore and don't fix them. Which can be used for DoS attacks as on other sites, as on the sites with Abuse of Functionality vulnerabilities themselves, about which I wrote in my article Using of the sites for attacks on other sites (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Empathy v1.0   2024 ©Harmonylists.com