Network Security: Detailed info on Re: RE: Re: Webscarab how to?

Subject:	Re: RE: Re: Webscarab how to?
Date:	Sun, 9 Jul 2006 12:48:27 +0100

Wrong format in the actual .txt as it seems to be ignoring the years?

-- c0redump

----- Original Message ----- From: f_kenisky@earthlink.net To: webappsec@securityfocus.com Sent: Friday, July 07, 2006 6:03 PM Subject: Re: RE: Re: Webscarab how to?


sorry about the first one my fingers got ahead of the brain.

Ok I've read through the FUZZER thingly page. Not 100% clear but I've copied the text and made a few corrections.

As far as the fuzzer is concerned I want to use the RegEx and put in some stuff on one of the identified fields.

When I put in a few RegEx characters and add the description and then click add I get the following dialog box; Error; Invalid regular expression! No wildcards permitted near index 0 ?-6*0-?^

Not really sure what I'm trying to get with this cool regular expression but it really doesn't matter since the fuzz won't take it.

After playing with the fuzzer I found an area (HTML) with a date field. MM dd YY. Three separate fields. I set up three separate .txt files with MM dd & YY. The .txt file for the month included all 12 months (as numeric values) and I also included a "-" and "*" just to see if the app would take that information.

Now I may be trying to do something that the Fuzzer wasn't intended to do so my apologies.

In esseence the month.txt file had 36 separate variables. i.e.(01, 02, 03...-01, -02, -03...*01,*02,*03etc)

The html page I'm referring to had an begining and ending date so I included both in the fuzz test and used the month.txt file for each during the same test.

With a year.txt file containing 50+ years the fuzzer only fuzzed 36 (the number of months).

Hope I'm clear here as I got a feeling I'm confusing more people.

Thanks

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm --------------------------------------------------------------------------

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using manual processes, or by using automated systems and tools. Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Webscarab how to?, mr . nasty Re: Webscarab how to?, Jezebel Ali Re: Webscarab how to?, Rogan Dawes Re: Re: Webscarab how to?, mr . nasty Re: Webscarab how to?, Rogan Dawes RE: Re: Webscarab how to?, PPowenski Re: RE: Re: Webscarab how to?, f_kenisky Re: RE: Re: Webscarab how to?, c0redump <= Re: Webscarab how to?, Rogan Dawes

Previous by Date:	Re: RE: Re: Webscarab how to?, f_kenisky
Next by Date:	Re: DMZ and critical data, èç
Previous by Thread:	Re: RE: Re: Webscarab how to?, f_kenisky
Next by Thread:	Re: Webscarab how to?, Rogan Dawes
Indexes:	[Date] [Thread] [Top] [All Lists]