| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030306123523.26421.qmail@www.securityfocus.com> Date: 6 Mar 2003 12:35:23 -0000 From: Hugo "Vázquez" "Caramés" <overclocking_a_la_abuela@...mail.com> To: bugtraq@...urityfocus.com Subject: ILLC We would like to clarify some points on our previous post about Inverse Lookup Log Corruption. "ILLC" has nothing to do with CERT advisory "CA-2000-02" (http://www.cert.org/advisories/CA-2000-02.html). With our technique an attacker can spoof the IP on web server logs...(completely on Iplanet and partially on Apache). Moreover an attacker can also hide requests on the Iplanet log analyzer (with the "format=" prefix on it's hostname)... This allowed us to show 7 new different bugs: -Partial log IP spoofing on Apache (ILLC) -Full IP spoofing on Iplanet (ILLC) -Full hiding requests on Iplanet (ILLC) -XSS on Iplanet Log Analyzer (ILLC) -XSS on WebTrends (XSS in HostName) -XSS on Surfstats (XSS in HostName) -XSS on Webexpert (XSS in HostName) While playing around with log analyzers, we also found other 2 XSS bugs (these ones exploiting CERT advisory "CA-2000-02" ) -XSS on LoganPro (XSS in UserAgent) -XSS on Webexpert (XSS in UserAgent) Regards, Hugo Vázquez Caramés & Toni Cortés Martínez Infohacking Research 2001-2003 Barcelona Spain
Powered by blists - more mailing lists