Skip to main content
Cybersecurity

Table 1 Example of Mutation Rules for Variable Strings

From: ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities

Section

Mutation Rule

Example of Mutated Value

ntpserver1

Overflow

time.test1.comtime.test1.com... (repeat 20 times)

 

NULL-pointer dereference

(empty value)

 

Command Injection

time.test1.com";wget http://PROXY_SERVER/ntpserver1;

 

Cross-site scripting

time.test1.com"; <script>alert(’xss_ntpserver1’) </script >

 

Format String

time.test1.com%s%s%s%s%s%s%s%s%s%s

URL

http://DEVICE_IP/apply.cgi?/NTP_debug.htm/../../etc/passwd

Back to article page