Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
• If you can define the vocabulary understood by the component, you can build better test cases by injecting invalid bits into valid language constructs.
• When the application being tested crashes, you need some way to reproduce the input that caused the crash. MangleMe does this with its remangle component.

Gray Hat Hacking: The Ethical Hacker's Handbook 372

References

MangleMe homepage http://freshmeat.net/projects/mangleme/
MangleMe example test page http://lcamtuf.coredump.cx/mangleme/mangle.cgi
The meta refresh HTML tag http://en.wikipedia.org/wiki/Meta_refresh
Port of MangleMe to Python script www.securiteam.com/tools/6Z00N1PBFK.html

AxEnum

If we speculate about all the undiscovered browser-based client-side vulnerabilities in existence, more are probably in components loaded by the browser than in the browser's HTML parsing code itself. The javaprxy.dll and WMIScriptUtils vulnerabilities discussed earlier are two good representative samples of the type of vulnerability found in COM objects, one way that browsers can load additional components. The javaprxy.dll vulnerability was a COM object that was never intended to be loaded in an
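As an added example, not code from the book or from MangleMe itself, the seed-driven generator below shows the two MangleMe points above in practice: a small HTML vocabulary is filled with deliberately malformed values, and remangle() rebuilds any page from its recorded seed so a crashing case can be replayed. The tag and attribute lists, the value mutators and the meta-refresh line are constructed for illustration.

```python
import random

# Constructed vocabulary: the tags and attributes the parser under test understands.
TAGS = ["a", "img", "table", "td", "div", "span", "iframe", "marquee", "input"]
ATTRS = ["href", "src", "width", "height", "style", "id", "name", "colspan"]


def mangle_value(rng):
    """Return an attribute value: sometimes valid, sometimes deliberately malformed."""
    choice = rng.randint(0, 4)
    if choice == 0:
        return str(rng.randint(0, 100))                        # ordinary numeric value
    if choice == 1:
        return str(rng.choice([-1, 2**31 - 1, 2**32, -2**31]))  # integer boundary values
    if choice == 2:
        return "A" * rng.choice([256, 1024, 65536])            # oversized string
    if choice == 3:
        return "%" + "".join(rng.choice("0123456789abcdef") for _ in range(2))  # stray escape
    return rng.choice(["javascript:", "'\"<>", "\x00", "\xff" * 8])  # odd characters


def mangle(seed, n_tags=20):
    """Build one test page from `seed`; the same seed always yields the same page."""
    rng = random.Random(seed)
    body = []
    for _ in range(n_tags):
        tag = rng.choice(TAGS)
        attrs = " ".join(f'{rng.choice(ATTRS)}="{mangle_value(rng)}"'
                         for _ in range(rng.randint(0, 3)))
        # Randomly drop the closing tag to exercise unbalanced-markup handling.
        close = f"</{tag}>" if rng.random() < 0.7 else ""
        body.append(f"<{tag} {attrs}>{close}")
    # Assumed harness detail: a meta refresh asks the browser for the next seed's page,
    # so the run only stops when the browser crashes and the last seed is in the log.
    head = f'<meta http-equiv="refresh" content="0;url=?seed={seed + 1}">'
    return f"<html><head>{head}</head><body>\n" + "\n".join(body) + "\n</body></html>"


def remangle(seed):
    """Reproduce the exact page that caused a crash from its recorded seed."""
    return mangle(seed)
```

Because every random choice comes from a PRNG seeded with the case number, logging that number is enough to regenerate the offending page later.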