Spoofing

The goal when testing for spoofing issues is to make something appear to the target application or end user as something else. As a result, spoofing can cause a decision made by the application or user to be based on incorrect information. Refer to Chapters 6 and 12.

Sample Test Cases

| Test Case | Description |
| --- | --- |
| Check for features that trust a connection based on the domain from which the connection originates | Trust should not be elevated based on a domain name gained through a DNS reverse lookup (it can be spoofed). |
| Hand-craft SMTP messages | To, From, Subject, headers, body, and so forth can all be spoofed. |
| Modify HTTP Referer | Some features erroneously use this to ensure links originate from specific places. |
| Modify MAC address | Some features mistakenly believe that MAC addresses are unique and cannot be spoofed. |
| Spoofing IP address | Like the MAC address, a machine's IP can also be spoofed, which is commonly used in DDoS attacks. |
| Some text CR/LF Text on new line | Use a carriage return and linefeed (CR/LF) to inject a new line, which can alter the dialog box layout. |
| Some text TAB TAB TAB TAB More text | Use tab characters (TAB) to inject whitespace to cause the text to wrap to the next line in a dialog box. |
| Some text More text | Use a lot of spaces to cause the text to wrap to a new line in a dialog box. |
| Some text NULL Text is truncated | Use a NULL to truncate the line displayed. |
| C:\goodfile.txt TAB TAB TAB TAB .exe | Use tab characters in the filename to cause part of the filename to wrap out of the viewable text area. |
| C:\goodfile.txt .exe | Use spaces in the filename to cause part of the filename to wrap out of the viewable text area. |
| http://www.goodsite.com@www.badsite.com | Some applications allow the user name and password to be specified as part of the URL. Use the user name to attempt to spoof the name of the server. |
| http://www.goodsite.com/good.txt%00bad.exe | Use an encoded null character (%00) to truncate the name of a file. |
| http://www.goodsite.com/good.txt%0D%0Abad.exe | Use an encoded CR/LF (%0D%0A) to inject a new line. |
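
The dialog-box, filename and URL cases above can be turned into checks that an application runs before it displays a string or acts on a URL. The following is an added example, not code from the book: the function names, the finding labels and the 8-space threshold are assumptions chosen for illustration, and the sample inputs are constructed from the table.

```python
import re
from urllib.parse import urlsplit, unquote

# Control characters that move or truncate text shown in a dialog box.
_CONTROL = {"\r": "CR", "\n": "LF", "\t": "TAB", "\x00": "NULL"}
# Assumed threshold for "a lot of spaces"; tune it to the width of the UI.
_SPACE_RUN = re.compile(r" {8,}")


def display_findings(text):
    """Return the sorted spoofing indicators found in text bound for a UI."""
    found = {name for ch, name in _CONTROL.items() if ch in text}
    if _SPACE_RUN.search(text):
        found.add("SPACE_RUN")
    return sorted(found)


def url_findings(url):
    """Return (indicators, host actually contacted) for a URL."""
    parts = urlsplit(url)
    found = set()
    if parts.username is not None:
        # Everything before '@' is user info, not the server name.
        found.add("USERINFO")
    # Decode the path once, as a display layer would, then reuse the checks.
    found.update(display_findings(unquote(parts.path)))
    return sorted(found), parts.hostname


def safe_label(text):
    """Make hidden characters visible so nothing wraps or truncates."""
    for ch, name in _CONTROL.items():
        text = text.replace(ch, f"<{name}>")
    return _SPACE_RUN.sub(lambda m: f"<{len(m.group())} spaces>", text)


if __name__ == "__main__":
    # Constructed samples based on the table rows.
    print(safe_label("C:\\goodfile.txt\t\t\t\t.exe"))
    print(url_findings("http://www.goodsite.com@www.badsite.com"))
    print(url_findings("http://www.goodsite.com/good.txt%00bad.exe"))
```

A prompt that shows safe_label() output and the host returned by url_findings(), rather than the raw string, lets the user see the full filename and the real server name.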



Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
