Hello, list!

Today I researched the "HTML Combo boxes - Parsing & Fuzzing" Feature Request[0]. While parsing and generating fuzzable requests we remember the last value of a select combo box in the fuzzable request.

Example 1: we have a form like:
- TEXT - someText
- SEX -
  - male
  - female

We will have these mutants:
- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText
- mutant 2: SEX=female&TEXT=<script>alert(1)</script>
The idea of the Feature Request is to remember all combo values and create
mutants like these:
- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText
- mutant 2: SEX=male&TEXT=<script>alert(1)</script>
- mutant 3: SEX=female&TEXT=<script>alert(1)</script>
But! What will we have if there are 2 combo boxes in the HTML page?

Example 2:
- TEXT - someText
- SEX -
  - male
  - female
- HACKER -
  - yes
  - no

We need to cover all variants:
- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText&HACKER=yes
- mutant 2: SEX=<script>alert(1)</script>&TEXT=someText&HACKER=no
- mutant 3: SEX=male&TEXT=<script>alert(1)</script>&HACKER=yes
- mutant 4: SEX=female&TEXT=<script>alert(1)</script>&HACKER=yes
- mutant 5: SEX=male&TEXT=<script>alert(1)</script>&HACKER=no
- mutant 6: SEX=female&TEXT=<script>alert(1)</script>&HACKER=no
- mutant 7: SEX=female&TEXT=someText&HACKER=<script>alert(1)</script>
- mutant 8: SEX=male&TEXT=someText&HACKER=<script>alert(1)</script>
...
What about 3 combos with 3 values and so on? What do you think about it?
While reviewing the code today I also found that we do not process the "checked"
and "selected" attributes of the option tag and radio|check boxes.
Maybe it would be better to take these attributes into account instead of
generating a lot of variants of fuzzable requests, even with some limit
value for combo boxes?

[0] https://sourceforge.net/tracker2/?func=detail&aid=2248574&group_id=170274&atid=853655
--
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
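An added example, not part of the original message and not w3af's own code: a sketch of the two strategies discussed above, showing how the "all combo values" scheme grows with the number of select boxes compared with pinning each box to its `selected` option. The function names, the `C1`..`C3` field names and the fallback to the first option are assumptions made for the illustration.

```python
from itertools import product
from urllib.parse import urlencode

PAYLOAD = "<script>alert(1)</script>"  # test string used in the post

def all_combo_mutants(text_fields, combos, payload=PAYLOAD):
    """Fuzz one field at a time; every other combo box cycles through
    all of its options (the scheme proposed in the feature request)."""
    mutants = []
    for fuzzed in list(text_fields) + list(combos):
        others = [name for name in combos if name != fuzzed]
        # product() of zero iterables yields one empty tuple, so a form
        # with no other combo box still produces exactly one mutant.
        for choice in product(*(combos[name] for name in others)):
            data = dict(text_fields)
            data.update(zip(others, choice))
            data[fuzzed] = payload
            mutants.append(data)
    return mutants

def default_only_mutants(text_fields, combos, selected, payload=PAYLOAD):
    """Alternative raised in the post: pin each combo box to its
    'selected' option, giving one mutant per field."""
    base = dict(text_fields)
    for name, options in combos.items():
        # Assumption: fall back to the first option when none is marked.
        base[name] = selected.get(name, options[0])
    return [{**base, fuzzed: payload} for fuzzed in base]

# Constructed sample forms matching Example 1 and Example 2 in the post.
EXAMPLE_1 = ({"TEXT": "someText"}, {"SEX": ["male", "female"]})
EXAMPLE_2 = ({"TEXT": "someText"},
             {"SEX": ["male", "female"], "HACKER": ["yes", "no"]})
# "3 combos with 3 values": constructed field names C1..C3, options a/b/c.
THREE_BY_THREE = ({"TEXT": "someText"},
                  {f"C{i}": ["a", "b", "c"] for i in (1, 2, 3)})

if __name__ == "__main__":
    for label, form in (("example 1", EXAMPLE_1), ("example 2", EXAMPLE_2),
                        ("3 combos x 3 values", THREE_BY_THREE)):
        print(label, len(all_combo_mutants(*form)), "mutants")
    for m in all_combo_mutants(*EXAMPLE_2):
        print(urlencode(m))
    print(len(default_only_mutants(*THREE_BY_THREE, selected={"C2": "b"})))
```

Each fuzzed field multiplies the option counts of all the other combo boxes, which is why the request count climbs quickly while the defaults-only variant stays at one request per field.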
