WebApp Sec
mailing list archives
Re: RE: Re: Webscarab how to?
From: <c0redump () ackers org uk>
Date: Sun, 9 Jul 2006 12:48:27 +0100
Wrong format in the actual .txt as it seems to be ignoring the years?
-- c0redump
----- Original Message -----
From: f_kenisky () earthlink net
To: webappsec () securityfocus com
Sent: Friday, July 07, 2006 6:03 PM
Subject: Re: RE: Re: Webscarab how to?
sorry about the first one my fingers got ahead of the brain.
Ok I've read through the FUZZER thingly page. Not 100% clear but I've
copied the text and made a few corrections.
As far as the fuzzer is concerned I want to use the RegEx and put in some
stuff on one of the identified fields.
When I put in a few RegEx characters and add the description and then click
add I get the following dialog box;
Error;
Invalid regular expression!
No wildcards permitted near index 0
?-6*0-?^
Not really sure what I'm trying to get with this cool regular expression but
it really doesn't matter since the fuzz won't take it.
After playing with the fuzzer I found an area (HTML) with a date field. MM
dd YY. Three separate fields. I set up three separate .txt files with MM
dd & YY. The .txt file for the month included all 12 months (as numeric
values) and I also included a "-" and "*" just to see if the app would take
that information.
Now I may be trying to do something that the Fuzzer wasn't intended to do so
my apologies.
In essence the month.txt file had 36 separate variables. i.e. (01, 02,
03...-01, -02, -03...*01, *02, *03 etc.)
The html page I'm referring to had a beginning and ending date so I included
both in the fuzz test and used the month.txt file for each during the same
test.
With a year.txt file containing 50+ years the fuzzer only fuzzed 36 (the
number of months).
Hope I'm clear here as I got a feeling I'm confusing more people.
Thanks
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------