And if Tomas shares his code, that would be nice too :D
On Mon, Jul 15, 2013 at 11:49 AM, Dominique Righetto
wrote:
> Hi,
>
> Thank you. I will use your feedback to understand and find the
> vulnerability detection methods.
>
> Best regards,
> Dom
>
> --
> Cordialement, Best regards,
> Dominique
Hi,
Thank you. I will use your feedback to understand and find the
vulnerability detection methods.
Best regards,
Dom
--
Cordialement, Best regards,
Dominique Righetto
dominique.righe...@gmail.com
dominique.righe...@owasp.org
Twitter: @righettod
GPG: 0x323D19BA
http://www.righettod.eu
"No trees
On Sun, Jul 14, 2013 at 4:49 AM, Dominique RIGHETTO
wrote:
> Hi Tomas,
>
> Thank you very much.
>
> I try to understand the objective of each of the values in
> ["-012345", "-2147483649", "-2147483648", "012345", "2147483647",
> "2147483648", "4294967295", "4294967296", "023456"].
>
>
On Sat, Jul 13, 2013 at 10:48 AM, Tomas Velazquez
wrote:
> Hi Dominique,
>
> Months ago I coded a PoC of integer overflow, but it is unfinished.
Well, then you guys should work together on it :)
> My code is based on skipfish detection:
> http://code.google.com/p/skipfish/source/browse/trunk/src/
The xss [0] plugin is a good example for what you're trying to
achieve. The interesting parts are:
fake_mutants = create_mutants(freq, ['',])
Where you create mutants (modified http requests) based on a fuzzable
request (which is the result of the crawling phase) with a "fake"
value of an emp