Finally, after tons and tons of features, I was able to create a 'Complete Vulnerability Trace' for a HacmeBank SQL Injection vulnerability.
And by 'Complete Vulnerability Trace' I mean a trace that:
- starts on the Exploit Layer (i.e. the browser entry point),
- then goes through the Web Layer code,
- then does a jump over the 'internet' into the Web Services layer,
- and ends up in the vulnerable .NET System.Data method :)
Using O2's MediaWiki API, I created the following 'draft with tons of screenshots' wiki page (containing details of what this trace looks like): http://o2platform.com/wiki/O2_.NET_AST_Scanner_-_HacmeBank_-_SQL_Injection_PoC
The example is shown in the "O2 .NET Ast Engine" module, and tomorrow I will post details on how to consume (most of) it from the "O2 .NET Ast Scanner" module (which will be easier to use).