Kind regards
Achim
On Sun, 15 Nov 2009, Andres Riancho wrote:
> > So, identifying length limits, hidden values and constants (i.e. select
> > options) is a good idea and can be fed to a fuzzer plugin to make more
> > sophisticated tests.
> ...
> > Does this make sense?
>
> Yes, a lot of sense to me in the case of the fuzzing, but not that
> much sense on the side of "finding a vulnerability" trying to send a
> request with maxlength-1, maxlength, maxlength+1. Why not send
> maxlength+whatever directly and see what happens?
Following assumption:
If the application sets a maxlength in the form, it could be assumed
that it does some (input) data validation according to this length as well.
If we fuzz with values - let's say +-5 or +-10 - around the maxlength value,
the chance is much greater to find an off-by-one weakness, a buffer overflow
or a format string weakness rather than bothering the application with huge
payloads.
Also keep in mind that a huge payload may be filtered out before being passed
to the final application.
I believe that testing/fuzzing with some kind of intelligence should
generate better results.
Achim
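The approach argued for in Achim's reply, as an added Python example that is not part of the original thread and not w3af's own code: pull the declared maxlength and the select option constants out of a form, then build a test set clustered around the declared limit (maxlength +-1, +-5, +-10) instead of, or before, a single huge payload. The form below and the parameter names (`boundary_lengths`, `select_test_values`, `SAMPLE_FORM`) are constructed for this example; the point of the select helper is to check that the server enforces the option set rather than trusting the client-side constant.

```python
"""Boundary-oriented test values derived from HTML form metadata.

Added example, not w3af code: extracts maxlength attributes and <select>
options from a form and derives test values around the declared limit.
"""
from html.parser import HTMLParser


class FormMetaParser(HTMLParser):
    """Collect per-field maxlength values and <select> option constants."""

    def __init__(self):
        super().__init__()
        self.maxlengths = {}      # input name -> declared maxlength (int)
        self.options = {}         # select name -> list of option values
        self._current_select = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") and a.get("maxlength"):
            try:
                self.maxlengths[a["name"]] = int(a["maxlength"])
            except ValueError:
                pass  # non-numeric maxlength: nothing usable, skip it
        elif tag == "select" and a.get("name"):
            self._current_select = a["name"]
            self.options[self._current_select] = []
        elif tag == "option" and self._current_select and "value" in a:
            self.options[self._current_select].append(a["value"])

    def handle_endtag(self, tag):
        if tag == "select":
            self._current_select = None


def extract_form_metadata(html):
    """Return (maxlengths, options) found in the given HTML fragment."""
    parser = FormMetaParser()
    parser.feed(html)
    return parser.maxlengths, parser.options


def boundary_lengths(maxlength, deltas=(1, 5, 10)):
    """Lengths clustered around the declared limit: maxlength and +/- each delta.

    Negative lengths are dropped; the result is sorted and duplicate-free.
    """
    lengths = {maxlength}
    for d in deltas:
        lengths.add(maxlength + d)
        if maxlength - d >= 0:
            lengths.add(maxlength - d)
    return sorted(lengths)


def boundary_payloads(maxlength, filler="A", deltas=(1, 5, 10)):
    """One filler string per boundary length, e.g. 'AAAAAAA' for length 7."""
    return [filler * n for n in boundary_lengths(maxlength, deltas)]


def select_test_values(option_values, unknown="not-a-declared-option"):
    """Declared option constants plus one value outside the set.

    A server that accepts the unknown value is not validating against the
    constant set the form advertises.
    """
    return list(option_values) + [unknown]


# Constructed sample form for the example (not taken from any real site).
SAMPLE_FORM = """
<form action="/signup" method="post">
  <input type="text" name="user" maxlength="8">
  <input type="text" name="zip" maxlength="5">
  <input type="hidden" name="csrf" value="abc">
  <select name="country">
    <option value="DE">Germany</option>
    <option value="AR">Argentina</option>
  </select>
</form>
"""


def build_test_plan(html):
    """Map each field to the values the reply above suggests trying."""
    maxlengths, options = extract_form_metadata(html)
    plan = {name: boundary_payloads(n) for name, n in maxlengths.items()}
    for name, values in options.items():
        plan[name] = select_test_values(values)
    return plan


if __name__ == "__main__":
    for field, values in build_test_plan(SAMPLE_FORM).items():
        print(field, [len(v) if field != "country" else v for v in values])
```

`build_test_plan` yields, for the sample form, six lengths for `user` (3, 7, 8, 9, 13, 18) and six for `zip` (0, 4, 5, 6, 10, 15); the zero-length case is kept on purpose, since an empty value is a boundary the application's validation has to handle too.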
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop