Parameter name injection - Not tested by WebInspect 9.x

[Danux <danuxx () gmail com>]

Old technique but still out of testers' radar. Ninety nine percent
(99%) of tools concentrate on identifying and injecting malicious code
into parameter values, also 99% of Developers concentrate on html
encoding parameter values specially to prevent client-side attacks,
but what about parameter names? is it worth to test/protect them?
Definitely it is. Highly exploitable in content management frameworks
which creates links or other DOM objects on the fly.

Surprisingly, WebInspect 9.x do not care about testing parameter
names, at least not when using its XSS-scan policy. Do you have
experience with other tools in this matter?

I prepared an example of this attack if interested:

http://danuxx.blogspot.com/2012/07/postget-parameters-name-injection.html


Enjoy it.

-- 
DanUx



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------