Hello, list!

Today I researched the "HTML Combo boxes - Parsing & Fuzzing" Feature Request[0]. While parsing and generating fuzzable requests, we remember the last value of a select combo box in the fuzzable request.

Example 1: we have a form like:

- TEXT - someText
- SEX -
  - male
  - female

We will have such mutants:

- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText
- mutant 2: SEX=female&TEXT=<script>alert(1)</script>

The idea of the Feature Request is to remember all combo values and create such mutants:

- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText
- mutant 2: SEX=male&TEXT=<script>alert(1)</script>
- mutant 3: SEX=female&TEXT=<script>alert(1)</script>

But! What will we have if there are 2 combo boxes in the HTML page?

Example 2:

- TEXT - someText
- SEX -
  - male
  - female
- HACKER -
  - yes
  - no

We need to cover all variants:

- mutant 1: SEX=<script>alert(1)</script>&TEXT=someText&HACKER=yes
- mutant 2: SEX=<script>alert(1)</script>&TEXT=someText&HACKER=no
- mutant 3: SEX=male&TEXT=<script>alert(1)</script>&HACKER=yes
- mutant 4: SEX=female&TEXT=<script>alert(1)</script>&HACKER=yes
- mutant 5: SEX=male&TEXT=<script>alert(1)</script>&HACKER=no
- mutant 6: SEX=female&TEXT=<script>alert(1)</script>&HACKER=no
- mutant 7: SEX=female&TEXT=someText&HACKER=<script>alert(1)</script>
- mutant 8: SEX=male&TEXT=someText&HACKER=<script>alert(1)</script>
- ...

What about 3 combos with 3 values and so on? What do you think about it?

While reviewing code today I also found that we do not process the "checked" and "selected" attributes of the option tag and radio|check boxes. Maybe it will be better to take these attributes into account instead of generating a lot of variants of fuzzable requests, even with some limit value for combo boxes?

[0] https://sourceforge.net/tracker2/?func=detail&aid=2248574&group_id=170274&atid=853655

--
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru

----
"Software is like sex: it's better when it's free." - Linus Torvalds
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
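The three strategies discussed in the message above (last value only, all combo values, only the option marked "selected"), as an added example that is not part of the original mail and not w3af code. The form model, the function names and the choice of which option is "selected" are assumptions made for illustration.

```python
from itertools import product
from math import prod

PAYLOAD = "<script>alert(1)</script>"

# Constructed model of Example 2. "selected" (index of the option carrying
# the selected attribute) is an assumption; the mail does not say which one.
FORM = {
    "SEX": {"values": ["male", "female"], "selected": 0},
    "TEXT": {"values": ["someText"], "selected": 0},
    "HACKER": {"values": ["yes", "no"], "selected": 0},
}

def last_value(field):      # behaviour described at the top of the mail
    return field["values"][-1:]

def all_values(field):      # the feature request
    return field["values"]

def selected_value(field):  # the alternative raised at the end of the mail
    return [field["values"][field["selected"]]]

def mutants(form, choose, payload=PAYLOAD):
    """One query string per (fuzzed field, combination of the other fields)."""
    out = []
    for fuzzed in form:
        others = [n for n in form if n != fuzzed]
        for combo in product(*(choose(form[n]) for n in others)):
            params = dict(zip(others, combo))
            params[fuzzed] = payload
            # Form field order, values left unencoded as in the mail's listing.
            out.append("&".join(f"{n}={params[n]}" for n in form))
    return out

def exhaustive_count(sizes):
    """Mutant count for the all-values strategy, without enumerating them."""
    return sum(prod(sizes) // s for s in sizes)

if __name__ == "__main__":
    for name, choose in [("last", last_value), ("all", all_values),
                         ("selected", selected_value)]:
        print(name, len(mutants(FORM, choose)))
    # One text field plus n combo boxes of 3 options each.
    for n in (3, 5, 8):
        print(n, "combos:", exhaustive_count([1] + [3] * n))
```

With all values the count is the sum, over each fuzzed field, of the product of the other fields' option counts, so it grows multiplicatively with every added combo box, while the "selected" strategy stays at one mutant per field.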