This patch *may* work. Untested.

Attachment: eval.py.patch
Description: Binary data
> Dan,
> 
> On Tue, Mar 27, 2012 at 10:36 PM, Daniel Zulla
> <daniel.zu...@googlemail.com> wrote:
>> Hi there,
>> The "string1"."string2" --> .match("string1string2") strategy of eval.py 
>> turned out to produce false-positives when the webapp strips out
>> everything but [a-zA-Z0-9_-].
>> 
>> Instead of "Error 404 "string1"."string2", string1string2 will be returned.
>> Why not implement it like this:
>> 
>> Case 1) ."random_string"*5
>> Case 2) ."random_string"x5
>> 
>> If the response content contains
>> "random_stringrandom_stringrandom_stringrandom_stringrandom_string" we can
>> be sure that it is not a false-positive.
>> 
>> What do you think?
> 
>    Sure! That's a good idea, I've been thinking about similar
> solutions to that problem too but never got to implement them. My two
> potential solutions were:
>    - Do some math, maybe random_number+random_number and look for the
> result of that
>    - String replacement, 'abcdef'.replace('bcd', '111') and search for a111ef
> 
>    Your idea is equally nice and valid; if I had to choose, I
> would choose the one that uses the smallest amount of "special characters"
> (like single quotes, quotes, parentheses, etc.) in the payload being
> sent, and the one that uses the fewest characters overall (as a measure
> to reduce complexity). Taking those into account, I think that both
> the sum of two random numbers and the "string multiplication" are
> almost the same.
> 
>    Want to give it a try at the code and send a patch?
> 
> Regards,
> 
>> Best,
>> Dan
>> 
>> 
>> ------------------------------------------------------------------------------
>> This SF email is sponsored by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
> 
> 
> 
> -- 
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
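As an added illustration of the false-positive problem discussed above (example code written for this page, not the attached eval.py.patch or w3af's own code), the snippet below models the two kinds of page from the thread as Python functions: one that really evaluates the injected fragment and one that merely echoes the input after stripping everything but [a-zA-Z0-9_-]. It then implements the three detection strategies from the exchange (the original concatenation check, Dan's string repetition and Andrés's sum of two numbers) and shows that only the repetition check can never match the stripped echo; the function names, the "Error 404" prefix and the evaluator's regex-based behaviour are assumptions for the sake of the example.

```python
import random
import re
import string

def evaluating_app(payload: str) -> str:
    """Constructed stand-in for a page that really evaluates the injected
    fragment: it resolves the payload shapes from the thread the way an
    interpreter would (concatenation, string repetition, integer addition)."""
    m = re.fullmatch(r'"(\w+)"\."(\w+)"', payload)
    if m:
        return "Error 404 " + m.group(1) + m.group(2)
    m = re.fullmatch(r'\."(\w+)"\*(\d+)', payload)
    if m:
        return "Error 404 " + m.group(1) * int(m.group(2))
    m = re.fullmatch(r"(\d+)\+(\d+)", payload)
    if m:
        return "Error 404 %d" % (int(m.group(1)) + int(m.group(2)))
    return "Error 404 " + payload

def sanitizing_app(payload: str) -> str:
    """Constructed stand-in for the non-vulnerable page from the thread: it
    only echoes the input after stripping everything but [a-zA-Z0-9_-]."""
    return "Error 404 " + re.sub(r"[^a-zA-Z0-9_-]", "", payload)

def random_token(length: int = 8) -> str:
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))

def concat_check(send) -> bool:
    """Original eval.py strategy: send "s1"."s2" and look for s1s2. Stripping
    the quotes and the dot yields exactly s1s2, hence the false positive."""
    s1, s2 = random_token(), random_token()
    return (s1 + s2) in send('"%s"."%s"' % (s1, s2))

def repetition_check(send, times: int = 5) -> bool:
    """Dan's proposal: send ."s"*5 and look for s repeated five times. The
    stripped echo is only "s5", so it cannot contain the repetition as long
    as times is at least 2 (with times=1 the bare s would match again)."""
    s = random_token()
    return (s * times) in send('."%s"*%d' % (s, times))

def sum_check(send, a=None, b=None) -> bool:
    """Andrés's alternative: send a+b and look for the decimal sum. The
    stripped echo is the two numbers run together, which can still contain
    the sum by chance: 1234+1107 echoes 12341107, and 2341 sits inside it."""
    if a is None or b is None:
        a, b = random.randint(1000, 9999), random.randint(1000, 9999)
    return str(a + b) in send("%d+%d" % (a, b))
```

Run against `sanitizing_app`, `concat_check` reports a finding on a page that does nothing but strip and echo, `repetition_check` does not, and `sum_check` only does so for the rare digit collisions the docstring describes.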
