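// Reflection probe: inject the harmless eyecatcher marker and record in which
// HTML contexts the response echoes it. No script payload is sent in this phase.
boolean attackWorked = false;
setParameter(msg, param, Constant.getEyeCatcher());
sendAndReceive(msg);
HtmlContextAnalyser hca = new HtmlContextAnalyser(msg);
List<HtmlContext> contexts = hca.getHtmlContexts(Constant.getEyeCatcher(), null, 0);
if (contexts.isEmpty()) {
    // Not found verbatim - the application may lower-case input before echoing it.
    // NOTE(review): toLowerCase()/toUpperCase() without a Locale use the JVM default
    // locale; confirm the eyecatcher contains no locale-sensitive letters.
    contexts = hca.getHtmlContexts(Constant.getEyeCatcher().toLowerCase(), null, 0);
}
if (contexts.isEmpty()) {
    // Same check for an upper-cased reflection.
    contexts = hca.getHtmlContexts(Constant.getEyeCatcher().toUpperCase(), null, 0);
}
if (contexts.isEmpty()) {
    // No luck - try again, appending the eyecatcher to the original value.
    // The string injected here must be exactly the string searched for below.
    // Injecting the parameter name (param + eyecatcher) while searching for
    // value + eyecatcher only matches when name and value happen to be equal,
    // so a reflected parameter could be missed.
    setParameter(msg, param, value + Constant.getEyeCatcher());
    sendAndReceive(msg);
    // Re-analyse: msg now holds the response to the second request.
    hca = new HtmlContextAnalyser(msg);
    contexts = hca.getHtmlContexts(value + Constant.getEyeCatcher(), null, 0);
}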
if (contexts.size() == 0) {
// No luck - lets just try a direct attack
List<HtmlContext> contexts2 = performAttack (msg, param,
"'\"<script>alert(1);</script>", null, 0);