Subject: firefox extension for looping through a form? - msg#00131
List: security.websecurity
Does anyone know of a firefox extension that would allow me to loop through a
form?
For example, if I have a list of search items that I want to loop through
google (or any form for that matter), is there an extension that will allow me
to do what I want? I don't want to use the google api.
I'd rather not have to write a script if there is an extension.
Gracias,
--
offset - ubersecurity org
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Previous Message by Date:
Scanning internal Lan using PHP remote file opening.
Hi all,
Abstract:
-----
Even if some website is still vulnerable to remote file inclusion (RFI),
this is becoming a quite rare scenery.
Nonetheless, much more often it happens that some of the php functions
allowing http or ftp protocol wrappers are exposed to user control.
A perfect example for this technique is a fully controlled getimagesize()
function with allow_url_fopen.
No RFI, no data returned, it could be just used for DoS.
<?
getimagesize($_GET['image']);
...
?>
Obviously there's no RFI, and until yesterday probably nobody would care
about check, inspect or exploit it. This article explains that some kind
of attack could still be accomplished:
Lan scanning and Drive by Pharming with error matching or time analysis.
------
PermaLink:
http://www.wisec.it/sectou.php?id=46d592056b008
Francesco `ascii` Ongaro's POC:
http://www.ush.it/2007/08/29/scanning-dmz-hosts-with-remote-file-opening/
Comments are, as usual, appreciated.
Regards,
Stefano
--
...oOOo...oOOo....
Stefano Di Paola
CTO at Minded Security
http://www.mindedsecurity.com
Owasp Italy R&D Director
Web: www.wisec.it
..................
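
Added example (not part of the post above or of the linked articles): the getimagesize() call from the abstract rewritten so the user-supplied value can only name a local file and never reaches the http/ftp wrappers. IMAGE_DIR, its path and safe_image_size() are hypothetical names chosen for illustration.

```php
<?php
// Added example, not from the original post. IMAGE_DIR and safe_image_size()
// are hypothetical names; the directory path is a placeholder.
const IMAGE_DIR = '/var/www/app/uploads';

/**
 * Return getimagesize() data for a file inside IMAGE_DIR, or null.
 * The user-supplied value is treated only as a bare local file name,
 * so http://, ftp:// and other stream wrappers never reach getimagesize().
 */
function safe_image_size(string $userValue): ?array
{
    // Reject anything carrying a scheme ("http://", "ftp://", "php://") or a NUL byte.
    if (strpos($userValue, '://') !== false || strpos($userValue, "\0") !== false) {
        return null;
    }
    // Keep only the final path component: no directories, no traversal.
    $name = basename($userValue);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Resolve symlinks and confirm the result is still under IMAGE_DIR.
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    $info = @getimagesize($path);
    return $info === false ? null : $info;
}

// Vulnerable form from the post, for comparison:
//   getimagesize($_GET['image']);
$raw  = $_GET['image'] ?? '';
$info = is_string($raw) ? safe_image_size($raw) : null;
if ($info === null) {
    // One uniform response for every rejection, so error text cannot be matched.
    http_response_code(400);
    echo 'invalid image';
} else {
    echo $info[0] . 'x' . $info[1];   // width x height
}
```

Where remote URLs are never needed, setting allow_url_fopen = Off in php.ini disables the URL wrappers for every file function, not only this call.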
Next Message by Date:
Re: How to detect XSS in an automated fashion
Hi Deepan
The script was intentionally quite restrictive because it was being
hosted on my site and it is an example of a HTML/JS fuzzer not a
XSS fuzzer. However the code is available to download if anyone
wishes to modify it and improve it. I created the fuzzer to find
new and interesting ways of javascript execution and although it
did find a few things I'm sure it can be greatly improved.
Download available here:-
http://code.google.com/p/jsfuzzer/downloads/list
The code is open source but if you want to use it or improve it let
me know as I'm interested in how it's being used.
Cheers
Gareth
On Fri, 31 Aug 2007 04:37:29 +0100 Deepan Chakravarthy
<codeshepherd@xxxxxxxxx> wrote:
>gaz_sec@xxxxxxxxxxxx wrote:
>> True my Fuzzer works in the browser, so it doesn't need an
>> interpreter:-
>> <http://www.businessinfo.co.uk/labs/jsfuzz/fuzz.php>
>>
>Hi Gaz_sec,
> I just tried the above URL. Pardon my ignorance. How do I specify
>the URL of target site ?
>Should I have to call this URL from JS in target site ? Have I got the
>whole thing wrong ?
>
>--
>Deepan
>http://codeshepherd.com/
>http://codeshepherd.blogspot.com/
>http://sudoku-solver.net/
Next Message by Thread:
Re: firefox extension for looping through a form?
offset wrote:
> Does anyone know of a firefox extension that would allow me to loop through a
> form?
> For example, if I have a list of search items that I want to loop through
> google (or any form for that matter), is there an extension that will allow me
> to do what I want? I don't want to use the google api.
Hi Gracias,
You can write a simple greasemonkey + chickenfoot script to do it. I'm
not sure if you can use TestGen4web for this, but can explore that also.
Chickenfoot scripts must be the quickest method. It's not really
scripting, more like English.
--
Deepan
http://codeshepherd.com/
http://codeshepherd.blogspot.com/
http://sudoku-solver.net/