Summer,
On Thu, Apr 29, 2010 at 11:23 AM, Summer nguyen <summer0ngu...@gmail.com> wrote:
> Dear Sir,
> After reading carefully, I realize that..I think the idea is very bad..I'm
> sorry
> I will try another idea.. thank you very much
I think that the idea is not bad, the issue is that all web
applications which are written in specific programming languages are
vulnerable to this attack, which sometimes can be exploited to perform
some real harm, and sometimes it can't.
I wouldn't waste a lot of time in this plugin, as it might me
useless in most cases.
Regards,
> On Wed, Apr 28, 2010 at 8:10 PM, Summer nguyen <summer0ngu...@gmail.com>
> wrote:
>>
>> Dear Experts,
>> I am trying to write HTTP Parameter Pollution Audit Plugin.
>> The idea is : Try to send sth like : name=Spring&name=Summer
>> Check the response for : name=Spring,Summer => VULN
>> is it an acceptable idea ?
>>
>> And, IF the above idea is acceptable, I have problem with creating
>> mutants.
>> How to create mutant with name=Spring&name=Summer ? Do I have to create a
>> new fuzzer-like file to get new Createmutant fuction ?
>> Can you give me some advices ?
>> Thank you very much...
>>
>> --
>> Best Regards,
>> Summer Nguyen .
>
>
>
> --
> Best Regards,
> Summer Nguyen .
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
