Hello, fellow F.D readers,

There have been a lot of recent IE exploits and talk of "browser-sec" floating 
around recently and I thought "Hey, what if you made a script that actually 
bruteforced html?" For example a script that spews out possible combinations of 
HTML/ASP/JAVASCRIPT/JAVA/SQL/PHP:

<html><h\ntml><ht\nml> 

<h\ntml><ht\nml> might not necessarily cause anything to happen, let alone be 
valid tags, but by bruteforcing, it could cause currently unknown 
vulnerabilities to appear to the security auditor. This could result in the 
browser running into a buffer overflow or a similar crash. When a crash is found, 
the program edits the file and slowly takes note of the current file, and 
proceeds to delete part of the file till there are no more crashes.  For 
example:

<html><h\ntml><ht\nml>
would now become 
<html><h\ntml><ht\nml
and subsequently
<html><h\ntml><ht\nm

Idea was inspired by the Samy worm:
http://namb.la/popular/tech.html
"To get around this, some browsers will actually interpret "java\nscript" as 
"javascript" (that's java<NEWLINE>script)."

Yours faithfully,
Malformation

P.S. Someone tell me this is an awesome idea, else I'll cry like a little girl.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
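
The generate-then-trim loop proposed in the post above, as an added example that is not part of the original message. `toy_parser` is a constructed stand-in for the browser under test, `ParserCrash` stands in for the process dying, and all function names are hypothetical; trimming from the front as well as the end goes one step beyond what the post describes.

```python
import itertools

class ParserCrash(Exception):
    """Stand-in for the target process dying on an input."""

def toy_parser(doc: str) -> None:
    # Constructed target, not a real browser: it "crashes" whenever a
    # tag name contains a newline, mimicking a parser that mishandles one.
    pos = 0
    while (start := doc.find("<", pos)) != -1:
        end = doc.find(">", start)
        end = len(doc) if end == -1 else end
        if "\n" in doc[start + 1:end]:
            raise ParserCrash(repr(doc[start:end]))
        pos = end

def crashes(doc, target=toy_parser):
    # Crash oracle: True if the target fails on this document.
    try:
        target(doc)
    except ParserCrash:
        return True
    return False

def newline_variants(tag):
    # "<html>" -> "<h\ntml>", "<ht\nml>", "<htm\nl>" (one newline each)
    name = tag[1:-1]
    return [f"<{name[:i]}\n{name[i:]}>" for i in range(1, len(name))]

def generate(tags, depth=3):
    # Every ordered combination of the tags and their malformed variants.
    pool = [v for t in tags for v in [t, *newline_variants(t)]]
    for combo in itertools.product(pool, repeat=depth):
        yield "".join(combo)

def minimise(doc, oracle=crashes):
    # Drop trailing characters while the crash persists, as in the post.
    while len(doc) > 1 and oracle(doc[:-1]):
        doc = doc[:-1]
    # Then do the same from the front (an extension beyond the post).
    while len(doc) > 1 and oracle(doc[1:]):
        doc = doc[1:]
    return doc

def first_reproducer(tags=("<html>",)):
    # Return (crashing document, minimised reproducer) or None.
    for doc in generate(tags):
        if crashes(doc):
            return doc, minimise(doc)
    return None
```

Against a real target, the oracle would launch the program on the file and check its exit status instead of catching an exception.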
