List,
I'm trying to improve the framework's performance by setting up a
list of parameter names that should *never* be fuzzed. Most of the
parameters I have in the list are related to different implementations
of view state, which will never have a "SQL Injection"
vulnerability. So... this is the list for now:

    IGNORED_PARAMETERS = ['__EVENTTARGET', '__EVENTARGUMENT',
                          '__VIEWSTATE', '__VIEWSTATEENCRYPTED',
                          '__EVENTVALIDATION',
                          '__dnnVariable', 'javax.faces.ViewState',
                          'jsf_state_64',
                          'jsf_sequence', 'jsf_tree', 'jsf_tree_64',
                          'jsf_viewid', 'jsf_state']

Can somebody think of other parameter names that I should add
to the list? If so, please send them in response to this message with
a small explanation of where they came from.
Thanks!
Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
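
An added example, not part of the original message and not w3af's own code: one way a scanner could apply such a list when building test requests for a form POST. The function names, the FUZZ_MARKER placeholder, the exact-match comparison and the sample body are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Parameter names copied from the list in the message above.
IGNORED_PARAMETERS = ['__EVENTTARGET', '__EVENTARGUMENT',
                      '__VIEWSTATE', '__VIEWSTATEENCRYPTED',
                      '__EVENTVALIDATION',
                      '__dnnVariable', 'javax.faces.ViewState',
                      'jsf_state_64',
                      'jsf_sequence', 'jsf_tree', 'jsf_tree_64',
                      'jsf_viewid', 'jsf_state']

# Assumption: names are compared exactly (case-sensitive).
_IGNORED = frozenset(IGNORED_PARAMETERS)


def is_fuzzable(name):
    """True when the parameter is not on the never-fuzz list."""
    return name not in _IGNORED


def create_mutants(body, marker):
    """Return (parameter name, mutated body) for each fuzzable parameter.

    Ignored parameters are never replaced, but they are re-sent unchanged
    in every mutant so the framework state the server expects stays intact.
    """
    pairs = parse_qsl(body, keep_blank_values=True)
    mutants = []
    for index, (name, _value) in enumerate(pairs):
        if not is_fuzzable(name):
            continue
        mutated = list(pairs)
        mutated[index] = (name, marker)
        mutants.append((name, urlencode(mutated)))
    return mutants


# Constructed sample: an ASP.NET-style form POST body (values are made up).
SAMPLE_BODY = ("__VIEWSTATE=%2FwEPDwUKconstructed"
               "&__EVENTVALIDATION=%2FwEWconstructed"
               "&__EVENTTARGET=&txtUser=alice&txtSearch=books")

if __name__ == "__main__":
    for name, mutant in create_mutants(SAMPLE_BODY, "FUZZ_MARKER"):
        print(name, "->", mutant)
```

With the sample body, five parameters produce only two test requests per check instead of five.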