Dan,

On Tue, Mar 27, 2012 at 10:36 PM, Daniel Zulla
<daniel.zu...@googlemail.com> wrote:
> Hi there,
> The "string1"."string2" --> .match("string1string2") strategy of eval.py
> turned out to produce false positives when the webapp strips out
> everything but [a-zA-Z0-9_-].
>
> Instead of "Error 404 "string1"."string2", string1string2 will be returned.
> Why not implement it like this:
>
> Case 1) ."random_string"*5
> Case 2) ."random_string"x5
>
> If the response content contains
> "random_stringrandom_stringrandom_stringrandom_stringrandom_string" we can be
> sure that it is not a false positive.
>
> What do you think?

    Sure! That's a good idea; I've been thinking about similar
solutions to that problem too, but never got to implement them. My two
potential solutions were:
    - Do some math, maybe random_number+random_number and look for the
result of that
    - String replacement, 'abcdef'.replace('bcd', '111') and search for a111ef

    Your idea is equally nice and valid. If I had to choose, I
would choose the one that uses the smallest number of "special characters"
(like single quotes, double quotes, parentheses, etc.) in the payload being
sent, and the one that uses the fewest characters overall (as a measure
to reduce complexity). Taking those into account, I think that both
the sum of two random numbers and the "string multiplication" are
almost the same.

    Want to give it a try at the code and send a patch?

Regards,

> Best,
> Dan
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
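An added example, not code from w3af's eval.py or from either poster, modelling the three probe strategies discussed in this thread against a constructed webapp that strips everything but [a-zA-Z0-9_-] and echoes the input back in an error page; it shows that only the concatenation probe matches the reflected input. The app model, the probe helper names and the sample values are assumptions made for the example.

```python
import re
from typing import Dict, Tuple

# Constructed model of the webapp behaviour described in the thread: the
# input is reduced to [a-zA-Z0-9_-] and echoed back inside an error page.
STRIP_RE = re.compile(r"[^a-zA-Z0-9_-]")


def reflect_stripped(payload: str) -> str:
    """Non-vulnerable app: no evaluation, just sanitise and reflect."""
    return "Error 404 " + STRIP_RE.sub("", payload)


def concat_probe(s1: str, s2: str) -> Tuple[str, str]:
    """Original eval.py style probe: PHP concatenation, expect s1+s2."""
    return f'"{s1}"."{s2}"', s1 + s2


def repeat_probe(s: str, times: int = 5, lang: str = "python") -> Tuple[str, str]:
    """Dan's proposal: string repetition; Python uses '*', Perl uses 'x'."""
    op = {"python": "*", "perl": "x"}[lang]
    return f'"{s}"{op}{times}', s * times


def sum_probe(a: int, b: int) -> Tuple[str, str]:
    """Andres' alternative: add two random numbers, expect their sum."""
    return f"{a}+{b}", str(a + b)


def looks_vulnerable(response: str, expected: str) -> bool:
    """The verdict the scanner draws: the expected result is in the body."""
    return expected in response


def false_positive_check() -> Dict[str, bool]:
    """Run each probe against the stripping, reflecting (safe) app model."""
    results = {}
    payload, expected = concat_probe("string1", "string2")
    results["concat"] = looks_vulnerable(reflect_stripped(payload), expected)
    payload, expected = repeat_probe("random_string")
    results["repeat"] = looks_vulnerable(reflect_stripped(payload), expected)
    payload, expected = sum_probe(48123, 39917)  # constructed sample numbers
    results["sum"] = looks_vulnerable(reflect_stripped(payload), expected)
    return results


if __name__ == "__main__":
    # {'concat': True, 'repeat': False, 'sum': False}: only the old probe misfires
    print(false_positive_check())
```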

