One more thing: We could exploit the languages' different fingerprints to determine the programming language very specifically.
PHP: %sphpinfo()%s (Match on "Zend_" and/or the same strings as discovery/phpinfo.php matches on)
Python: %s__name__%s (Match on "__main__")
Perl: %s$^X%s (Match on "perl")

> This patch *may* work. Untested.
>
> <eval.py.patch>
>
>> Dan,
>>
>> On Tue, Mar 27, 2012 at 10:36 PM, Daniel Zulla <daniel.zu...@googlemail.com> wrote:
>>> Hi there,
>>> The "string1"."string2" --> .match("string1string2") strategy of eval.py turned out to produce false positives when the webapp strips out everything but [a-zA-Z0-9_-].
>>>
>>> Instead of "Error 404 "string1"."string2"", string1string2 will be returned. Why not implement it like this:
>>>
>>> Case 1) ."random_string"*5
>>> Case 2) ."random_string"x5
>>>
>>> If the response content contains "random_stringrandom_stringrandom_stringrandom_stringrandom_string" we can be sure that it is not a false positive.
>>>
>>> What do you think?
>>
>> Sure! That's a good idea, I've been thinking about similar solutions to that problem too but never got to implement them. My two potential solutions were:
>> - Do some math, maybe random_number+random_number and look for the result of that
>> - String replacement, 'abcdef'.replace('bcd', '111') and search for a111ef
>>
>> Your idea is equally nice and valid; if I had to choose, I would choose the one that uses the least amount of "special characters" (like single quotes, quotes, parentheses, etc.) in the payload being sent, and the one that uses fewer characters overall (as a measurement to reduce complexity). Taking those into account I think that both the sum of two random numbers and the "string multiplication" are almost the same.
>>
>> Want to give it a try at the code and send a patch?
>>
>> Regards,
>>
>>> Best,
>>> Dan
>>>
>>> _______________________________________________
>>> W3af-develop mailing list
>>> W3af-develop@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
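The false-positive case Dan describes and the "string multiplication" check, as an added example that is not w3af's eval.py or the attached patch. Both backends are constructed simulations: the stripping echo mirrors the webapp in the thread, and the "evaluating" stand-in computes only the `."s"*n` form by regex (there is no real eval anywhere).

```python
import re
import secrets
import string

# Constructed simulation of a webapp that reflects input after stripping
# everything but [a-zA-Z0-9_-]: the case that fooled the old check.
STRIP_RE = re.compile(r"[^a-zA-Z0-9_-]")

def echo_stripping_app(payload: str) -> str:
    return "Error 404: " + STRIP_RE.sub("", payload)

# Constructed stand-in for a backend that really evaluates the probe. It only
# understands the ."s"*n form and computes it with a regex, no eval() here.
MULT_RE = re.compile(r'^\."([A-Za-z]+)"\*(\d+)$')

def mock_evaluating_app(payload: str) -> str:
    m = MULT_RE.match(payload)
    if not m:
        return "Error 404: " + payload
    return "Error 404: " + m.group(1) * int(m.group(2))

def check_concat(response: str, s1: str, s2: str) -> bool:
    """Old "string1"."string2" strategy: once quotes and the dot are stripped,
    plain reflection already yields s1+s2, so this fires on both backends."""
    return (s1 + s2) in response

def build_probe(length: int = 8, reps: int = 5):
    """Letters-only random marker (digits would survive stripping and blur the
    comparison) repeated reps >= 2 times; with reps == 1 the new check is no
    stronger than the old one, since the stripped echo is the marker itself."""
    if reps < 2:
        raise ValueError("reps must be at least 2")
    marker = "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))
    return '."%s"*%d' % (marker, reps), marker * reps

def check_repetition(response: str, expected: str) -> bool:
    """New strategy: only an evaluating backend produces marker*reps; a
    stripping echo returns the marker followed by the digit(s) of reps."""
    return expected in response
```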