Andres, > Yes, a lot of sense to me in the case of the fuzzing, but not that > much sense on the side of "finding a vulnerability" trying to send a > request with maxlength-1 , maxlength, maxlength+1. Why not sending > directly maxlength+whatever and see what happens?
What about complex JavaScript client side checks? Such maxlength check can be made on JavaScript. And I think in most cases such checks will be on JavaScript because simply it more powerful then HTML attributes like maxlength. -- Taras - OSCP, OSWP ---- "Software is like sex: it's better when it's free." - Linus Torvalds
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
