
RE: no standards for webapp exploitation

From: Dawes, Rogan (ZA - Johannesburg) <rdawes(at)deloitte.co.za>
Date: Thu Jul 03 2003 - 03:56:41 EDT


Hi Dave,  

> A major

I agree that this could be a problem. Where you "Match" some input from a web page, and then need to URL-quote it to send it back as a form variable is just one example, as you say.

I'm not sure how best to support something like this without introducing external dependencies, such as a Python interpreter with X modules, Perl with Y modules, etc, unless we create a library of functions that must be supported by a compliant VulnXML execution engine? We would need to define the API for them, and the engine would need to provide the implementation.

VulnXML is quite capable of describing exploits of a slightly more static nature, though.

> My HTTP exploits for

There is no reason why VulnXML cannot be executed in a multi-threaded program.

My Perl skunkworks implementation did not use a particularly well-optimised method of expanding variables, which could be the reason that you believe that multi-threaded implementation is not possible?


But as Ingo suggested, by calculating the cross-product of all the possible variables in a VulnXML description, you can obtain a list of single tests (with possibly multiple steps!) that can be executed independently of each other. The original intention with VulnXML is that each test should be stand-alone. That includes the individual tests that result from initial variable expansion. Obviously, for multiple-step tests, all steps would have to be executed in a single thread.

You would simply need some method of parceling out the tests to each thread, and accumulating their results.

Of course, if there is some other reason why you think that VulnXML is not capable of threading, please let me know! :-)

> -dave
>

Rogan

Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre(at)Deloitte.co.za.

Received on Thu Jul 3 11:36:05 2003
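The variable expansion and thread scheduling discussed in the message above, as an added example that is not part of the original email or of any VulnXML implementation. The dict layout, the `${name}` placeholder syntax and all function names are assumptions made for illustration; steps are only rendered to strings, nothing is sent.

```python
import itertools
import threading
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import quote

# Constructed description: a plain dict for illustration, NOT the VulnXML schema.
DESCRIPTION = {
    "variables": {"path": ["/app", "/cgi-bin/app"], "param": ["id", "user name"]},
    "steps": ["GET ${path}/form", "POST ${path}/submit?${param}=1"],
}

def expand(description):
    """Cross-product of every variable's values -> one binding dict per stand-alone test."""
    names = sorted(description["variables"])
    value_lists = [description["variables"][n] for n in names]
    return [dict(zip(names, combo)) for combo in itertools.product(*value_lists)]

def render(step, bindings):
    """Substitute each ${name} placeholder with its URL-quoted value."""
    for name, value in bindings.items():
        step = step.replace("${" + name + "}", quote(value, safe="/"))
    return step

def run_test(steps, bindings):
    """Run all steps of ONE test, in order, on the calling thread (render only, no I/O)."""
    done = [(threading.get_ident(), render(step, bindings)) for step in steps]
    return {
        "bindings": bindings,
        "requests": [request for _, request in done],
        "threads": {thread_id for thread_id, _ in done},
    }

def run_all(description, workers=4):
    """Parcel the expanded tests out to a thread pool and accumulate results in order."""
    tests = expand(description)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda b: run_test(description["steps"], b), tests))

if __name__ == "__main__":
    for result in run_all(DESCRIPTION):
        print(result["bindings"], result["requests"])
```

Because each expanded test carries its own bindings and runs its steps inside a single worker call, no state is shared between threads and the multi-step ordering is preserved.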

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:53 EDT

