Date: Mon, 17 Nov 2003 20:38:46 +0100
From: Christophe Casalegno <christophe.casalegno@...ital-network.net>
To: Vincenzo Ciaglia <puccio@...ciolab.org>,
	bugtraq@...urityfocus.com
Subject: Re: PCL-0002: Session Hijacking in "Sqwebmail"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 18 November 2003 02:18, Vincenzo Ciaglia wrote:

> In this example, the victim has visualized our website reading the mail
> that we have sent to him. Visiting the link is been
> marked from our counter. Now we will be able to access to the victim's
> mail page admin and will be able to read and to send, calmly,
> its email without make login. The session comes sluice after approximately
> 20/30 minutes and the attacker has the time
> to make its comfortable ones.
>

That doesn't work on my system. There is also a protection by IP in sqwebmail
that verifies that it is the authenticated IP that tries to access the mailbox,
but that isn't the problem:

This is an Apache web log on the visited site that comes from a sqwebmail mail
link:

manticore.digital-network.net - - [17/Nov/2003:20:23:07 +0100] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /menu.html HTTP/1.1" 200 861 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /corps.html HTTP/1.1" 200 1041 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/miscmag9.jpg HTTP/1.1" 200 45795 "http://www.xxxxx.org/corps.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/menu.gif HTTP/1.1" 200 1071 "http://www.xxxxx.org/menu.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"

friendly,

- -- 
Christophe Casalegno | Digital Network | UIN : 153305055
http://www.digital-network.net | http://www.speed-connect.com
http://www.securite-reseaux.com | http://www.dnsi.info
Security engineer network/systems | Intrusion tests specialist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/uSPG0mOixX2DR8IRAgwwAKChwAXyEaWJ8as9xw2GMHo8Q37AEgCeLyIV
RF5GZxFnNcl62C7TAOLfwjs=
=E5Jm
-----END PGP SIGNATURE-----
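
Added example, not part of the original message: a check that parses the Apache combined-format entries quoted above and classifies each Referer as absent, same-site or external, since an external Referer is where a webmail URL would appear in the visited site's log. The function names and the `example.test` entry are assumptions made for this example; that entry is constructed, the other five are the ones from the message.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The five entries quoted in the message, one entry per line.
SAMPLE_LOG = """\
manticore.digital-network.net - - [17/Nov/2003:20:23:07 +0100] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /menu.html HTTP/1.1" 200 861 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /corps.html HTTP/1.1" 200 1041 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/miscmag9.jpg HTTP/1.1" 200 45795 "http://www.xxxxx.org/corps.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/menu.gif HTTP/1.1" 200 1071 "http://www.xxxxx.org/menu.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
"""

# Constructed entry (not from the message): a landing request that carries an external Referer.
CONSTRUCTED_LINE = ('client.example.test - - [17/Nov/2003:20:30:00 +0100] "GET / HTTP/1.1" '
                    '200 509 "http://webmail.example.test/session-path" "ExampleAgent/1.0"')

def classify_referer(referer, site_hosts):
    """Return 'none', 'same-site' or 'external' for one Referer value."""
    if referer in ("", "-"):
        return "none"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host in site_hosts else "external"

def audit(log_text, site_hosts):
    """Parse combined-format lines; return (request, referer, class) per parsed entry."""
    site_hosts = {h.lower() for h in site_hosts}
    rows = []
    for line in log_text.splitlines():
        m = COMBINED.match(line.strip())
        if m:  # blank or malformed lines are skipped
            rows.append((m["request"], m["referer"], classify_referer(m["referer"], site_hosts)))
    return rows

def leaked_referers(rows):
    """Referer URLs that arrived from another site."""
    return [referer for _, referer, kind in rows if kind == "external"]

if __name__ == "__main__":
    rows = audit(SAMPLE_LOG + CONSTRUCTED_LINE, {"www.xxxxx.org"})
    for request, referer, kind in rows:
        print(f"{kind:9}  {request:32}  {referer}")
    print("external referers:", leaked_referers(rows))
```

On the five entries from the message the landing request has no Referer and the rest are same-site, so nothing external is reported.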


