[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200311172038.50424.christophe.casalegno@digital-network.net>
Date: Mon, 17 Nov 2003 20:38:46 +0100
From: Christophe Casalegno <christophe.casalegno@...ital-network.net>
To: Vincenzo Ciaglia <puccio@...ciolab.org>,
bugtraq@...urityfocus.com
Subject: Re: PCL-0002: Session Hijacking in "Sqwebmail"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Mardi 18 Novembre 2003 02:18, Vincenzo Ciaglia a écrit :
> In this example, the victim has visualized our website reading the mail
> that we have sent to him. Visiting the link is been
> marked from our counter. Now we will be able to access to the victim's
> mail page admin and will be able to read and to send, calmly,
> its email without make login. The session comes sluice after approximately
> 20/30 minutes and the attacker has the time
> to make its comfortable ones.
>
That does'nt work on my system. There is also a protection by ip on sqwebmail
that verify this is the authentified ip that try to acces mailbox, but it
isn't the problem :
This is a apache web log on the visited site that comes from a sqwebmail mail
link :
manticore.digital-network.net - - [17/Nov/2003:20:23:07 +0100] "GET /
HTTP/1.1" 200 509 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4)
Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /menu.html
HTTP/1.1" 200 861 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686;
fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET
/corps.html HTTP/1.1" 200 1041 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U;
Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET
/Images/miscmag9.jpg HTTP/1.1" 200 45795 "http://www.xxxxx.org/corps.html"
"Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET
/Images/menu.gif HTTP/1.1" 200 1071 "http://www.xxxxx.org/menu.html"
"Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
friendly,
- --
Christophe Casalegno | Digital Network | UIN : 153305055
http://www.digital-network.net | http://www.speed-connect.com
http://www.securite-reseaux.com | http://www.dnsi.info
Security engineer network/systems | Intrusion tests specialist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/uSPG0mOixX2DR8IRAgwwAKChwAXyEaWJ8as9xw2GMHo8Q37AEgCeLyIV
RF5GZxFnNcl62C7TAOLfwjs=
=E5Jm
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists