[W3af-svn-notify] [Task #149932] audit.eval
From: SourceForge.net <no...@so...> - 2008-07-16 22:35:43
Task #149932 has been updated.

Project: w3af
Subproject: Plugin TODO v1.00
Summary: audit.eval
Complete: 0%
Status: Open
Authority: andresriancho
Assigned to: woodspeed

Description:
The idea of this task is to create an audit plugin that can find scripts that eval() user input. An example vulnerable script would be:

===eval.php===
<? eval($_GET['c']); ?>
==============

And a way to check for this is to GET this URL:

http://localhost/w3af/eval/eval.php?c=echo 'aaaa' . 'dddd';

And see if in the response we find "aaaadddd" (of course, aaaa and dddd should be replaced by two random strings of at least 6 characters in length.)

-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=149932&group_id=170274&group_project_id=50603
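The check described in the task, written out as an added example (not w3af plugin code): it builds the probe from two random tokens, looks for their join in the response, and repeats with fresh tokens before reporting. The two page functions are constructed stand-ins for server responses so it runs offline; the `send` callback is an assumed interface, not w3af's.

```python
import re
import secrets
import string

def random_token(length=8):
    # Lowercase token; the task asks for at least 6 chars so the join cannot appear by chance
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))

def build_probe():
    """Return (payload, expected): the echo-concatenation probe from the task and the
    string that only shows up in the response if the parameter was actually eval()'d."""
    left, right = random_token(), random_token()
    return "echo '%s' . '%s';" % (left, right), left + right

def response_indicates_eval(body, expected):
    # The joined tokens never occur in the payload itself (the quotes and the dot sit
    # between them), so a page that merely reflects the parameter does not match.
    return expected in body

def check_eval(send, confirmations=2):
    """send(payload) -> response body (assumed callback). Report a finding only if every
    independent probe with fresh random tokens yields its joined string, which keeps a
    coincidental match from becoming a false positive."""
    for _ in range(confirmations):
        payload, expected = build_probe()
        if not response_indicates_eval(send(payload), expected):
            return False
    return True

# Constructed stand-ins for server responses; no network involved.
_ECHO_RE = re.compile(r"echo '([a-z]+)' \. '([a-z]+)';")

def simulated_eval_page(c):
    # Behaves like eval.php from the task: runs the echo statement and prints its output
    m = _ECHO_RE.fullmatch(c)
    return "<html>%s</html>" % (m.group(1) + m.group(2) if m else "")

def simulated_reflecting_page(c):
    # Safe page that only prints the parameter back (e.g. a search box)
    return "<html>You searched for: %s</html>" % c

if __name__ == "__main__":
    print("eval.php-like page:", check_eval(simulated_eval_page))        # True
    print("reflecting page:   ", check_eval(simulated_reflecting_page))  # False
```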