lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Feb 2007 20:36:31 -0800 (PST) From: Gaurang Pandya <gaubrig@...oo.com> To: Martin Johns <martin.johns@...il.com>, "auto400208@...hmail.com" <auto400208@...hmail.com>, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: Drive-by Pharming Threat just wondering why cant simple perl script be used instead?? Gaurang. --- Martin Johns <martin.johns@...il.com> wrote: > On 2/19/07, auto400208@...hmail.com < > auto400208@...hmail.com> wrote: > > I am curious as to how one "automatically" logs > on? > > There are several potential methods (depending on > the victim's browser): > 1) Older versions of Flash allow the spoofing of > arbitrary http > headers [1] thus allowing the creation of attacker > controlled > Authorization-headers. > 2) Firefox does not display http-authentication > warnings if the http > request was generated by the browser's link-prefetch > mechanism [2]. > 3) An anti-DNS-pinning attack [3] can be executed to > break the > same-origin policy. Then the low-level socket > functions of either > Flash (all browsers) [4] or Java (Firefox and Opera) > [5] could be > employed to create arbitrary http requests. > > [1] > http://www.securityfocus.com/archive/1/441014/30/0/threaded > [2] > http://blog.php-security.org/archives/56-Bruteforcing-HTTP-Auth-in-Firefox-with-JavaScript.html > [3] http://shampoo.antville.org/stories/1451301/ > [4] http://www.jumperz.net/index.php?i=2&a=1&b=8 > [5] http://shampoo.antville.org/stories/1566124/ > > -- > Martin Johns > http://shampoo.antville.org > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - > http://secunia.com/ > ____________________________________________________________________________________ Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists