Closed GoogleCodeExporter closed 8 years ago
I would consider these substantial differences. Why is the comment block
appearing
and disappearing at random, for example?
Skipfish is using the differential approach to catch blind injection attacks;
for
example, if for one input, the page returns:
<span>No matches for 'foobar' found</span>
...but for another, does:
<span>[An error occurred processing this directive]</span>
...we want to be able to detect it. While skipfish permits a certain amount of
subtle
changes on the page, and only looks at word length distribution to build a
signature,
in your case, it has no way to tell this vulnerable case from the example of
your
service, where something around 16 words randomly appears and disappears on a
page.
There is a check that tries to detect this by sending around 15 pre-fuzzing
requests
and comparing the responses, but there is only so far it can go.
My recommendation would be to disable the disappearing comment and QOTD
functionality
for the duration of the scan. Otherwise, I don't think this can be
realistically
fixed, unless skipfish is redesigned to use a signature-based approach, which
is
generally inferior.
Cheers,
/mz
Original comment by lcam...@gmail.com
on 25 Mar 2010 at 7:58
Original issue reported on code.google.com by
leon.mat...@gmail.com
on 25 Mar 2010 at 7:38