Full Disclosure mailing list archives

Bruteforcing HTML and browser-sec to find BoF's


From: Malformed Guy <malformation () hotmail com>
Date: Sat, 13 Dec 2008 01:19:55 +1030


Hello, fellow F.D readers,

There have been a lot of recent IE exploits and talk of "browser-sec" floating around recently and I thought "Hey, what 
if you made a script that actually bruteforced html?" For example a script that spews out possible combinations of 
HTML/ASP/JAVASCRIPT/JAVA/SQL/PHP:

<html><h\ntml><ht\nml> 

<h\ntml><ht\nml> might not necessarily cause anything to happen, let alone be valid tags, but by bruteforcing, 
it could cause currently unknown vulnerabilities to appear to the security auditor. This could result in the browser 
running into a buffer overflow or a similar crash. When a crash is found, the program edits the file and slowly takes note of 
the current file, and proceeds to delete part of the file till there are no more crashes.  For example:

<html><h\ntml><ht\nml>
would now become 
<html><h\ntml><ht\nml
and subsequently
<html><h\ntml><ht\nm

Idea was inspired by the Samy worm:
http://namb.la/popular/tech.html
"To get around this, some browsers will actually interpret "java\nscript" as "javascript" (that's 
java<NEWLINE>script)."

Yours faithfully,
Malformation

P.S. Someone tell me this is an awesome idea, else I'll cry like a little girl.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
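The "delete part of the file till there are no more crashes" step the post describes is test-case reduction, and the standard algorithm for it is Zeller's delta debugging (ddmin). The following is an added example, not code from the post: it generates the newline-split tag mutations from the post and shrinks the post's own crashing sample to a 1-minimal input. The crash oracle is a constructed stand-in; a real harness would replace it with an actual run of the browser under test and a check of its exit status.

```python
# Constructed stand-in for the crash oracle. A real harness would write the
# candidate to a file, launch the browser on it and report whether it crashed.
# Here we pretend a hypothetical bug fires whenever "<html>" is split after
# its first letter by a newline, which is exactly the post's "<h\ntml>" case.
def crash_oracle(candidate: str) -> bool:
    return "<h\ntml>" in candidate


def newline_split_tags(tag_name: str):
    """Yield the post's mutations: the tag name with a newline at each position."""
    for i in range(1, len(tag_name)):
        yield f"<{tag_name[:i]}\n{tag_name[i:]}>"


def ddmin(data: str, crashes) -> str:
    """Delta debugging: shrink `data` to a 1-minimal string for which `crashes`
    is still True, by deleting progressively smaller chunks of it."""
    assert crashes(data), "the starting test case must crash"
    n = 2                                   # number of chunks to split into
    while len(data) >= 2:
        chunk = len(data) // n              # n <= len(data), so chunk >= 1
        reduced = False
        for start in range(0, len(data), chunk):
            complement = data[:start] + data[start + chunk:]
            if crashes(complement):         # still crashes without this chunk
                data = complement           # keep the smaller file
                n = max(n - 1, 2)           # retry at a coarser granularity
                reduced = True
                break
        if not reduced:
            if n == len(data):              # every single character was tried
                break
            n = min(n * 2, len(data))       # try finer-grained chunks
    return data


def minimize_crash(test_case: str) -> str:
    return ddmin(test_case, crash_oracle)


# The post's sample: a valid tag followed by two newline-split mutations.
SEED = "<html><h\ntml><ht\nml>"

if __name__ == "__main__":
    print([repr(m) for m in newline_split_tags("html")])
    print(repr(minimize_crash(SEED)))       # -> '<h\ntml>'
```

With a real oracle the minimizer is the triage tool: it turns a noisy crashing file into the smallest input that still reproduces the bug, which is what you want to attach to a bug report or turn into a regression test.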
