Everybody, hi!

Hmmm, it looks strange, but when I tested it in PHP I got this:

test URL:
http://localhost/w3af/core/htmlParser/abc.php?sp=1&sp=spam&sp=eggs

abc.php:
...
var_dump($_GET);
...

output (of abc.php):
array(1) {
  ["sp"]=>
  string(4) "eggs"
}

So we can see that only the last value is set.

We can get the same result in PHP as in the topic with a query string like this:
http://localhost/w3af/core/htmlParser/abc.php?sp[]=1&sp[]=spam&sp[]=eggs

Output:

array(1) {
  ["sp"]=>
  array(3) {
    [0]=>
    string(1) "1"
    [1]=>
    string(4) "spam"
    [2]=>
    string(4) "eggs"
  }
}


On Thu, 2009-03-12 at 14:43 -0200, Facundo Batista wrote:
> 2009/3/11 Andres Riancho <andres.rian...@gmail.com>:
> 
> >    http://host.tld/index.do?sp=1&sp=spam&sp=eggs
> >
> >  ...
> > XSS. After some small searching, I realized the repeated parameter
> > names are actually a valid thing in the RFC, and is supported by
> 
> Yes, and one of the reasons why the cgi.parse_qs() function returns a
> list of values for each key.
> 
> Like:
> 
> >>> cgi.parse_qs("sp=1&sp=spam&sp=eggs&foo=bar")
> {'foo': ['bar'], 'sp': ['1', 'spam', 'eggs']}
> 
> Regards,
> 
-- 
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
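
The two behaviours shown in this thread side by side, as an added example that is not part of the original message or of w3af. `python_view` relies on the standard library's `urllib.parse.parse_qsl`; `php_view` and `hidden_values` are hypothetical helpers, and `php_view` is a simplified model of `$_GET` that covers only plain names and `name[]`.

```python
from urllib.parse import parse_qsl


def python_view(query):
    """Every value per name, in order (the shape parse_qs returns)."""
    out = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        out.setdefault(name, []).append(value)
    return out


def php_view(query):
    """Simplified model of PHP's $_GET (assumption: nested keys such as
    a[b][c] are not modelled). A plain name keeps only its last value;
    a name ending in [] collects its values into a list."""
    out = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.endswith("[]"):
            key = name[:-2]
            if not isinstance(out.get(key), list):
                out[key] = []  # an earlier scalar is replaced by an array
            out[key].append(value)
        else:
            out[name] = value  # last occurrence wins
    return out


def hidden_values(query):
    """Values that a last-value-wins backend discards but an all-values
    parser still sees. A scanner or filter has to inspect these too,
    because another component in the chain may pick a different one."""
    hidden = {}
    for name, values in python_view(query).items():
        if name.endswith("[]"):
            continue  # array syntax: every value is kept
        if len(values) > 1:
            hidden[name] = values[:-1]
    return hidden


if __name__ == "__main__":
    # Query strings taken from the thread above.
    for qs in ("sp=1&sp=spam&sp=eggs", "sp[]=1&sp[]=spam&sp[]=eggs"):
        print(qs)
        print("  python:", python_view(qs))
        print("  php   :", php_view(qs))
        print("  hidden:", hidden_values(qs))
```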