[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d791b8790904080021m26e23d53s3b5260d546548c46@mail.gmail.com>
Date: Wed, 8 Apr 2009 00:21:53 -0700
From: Matthew Dempsky <matthew@...psky.org>
To: bugtraq@...urityfocus.com
Subject: Re: Adgregate ShopAd widget validation is vulnerable to replay attack
On Tue, Apr 7, 2009 at 6:56 PM, Matthew Dempsky <matthew@...psky.org> wrote:
> As an update, since I submitted my first message, Adgregate changed
> their validation mechanism. The current method is still
> intermittently vulnerable to replay attacks, but now there's actually
> an expiration mechanism to deal with.
I've updated http://shinobi.dempsky.org/~matthew/adgregate.html to
handle the new validation mechanism.
It's basically the same as before, except every 5 minutes (aligned
with the hour) the (single, global) validation string changes. You
can easily retrieve the current one using curl:
$ curl -e https://secure.adgregate.com/vid_m_widget.swf \
> https://secure.adgregate.com/validatewidget.aspx?wid=1
&validation=3F228F6F-6B30-4BB4-A7D0-EF5D7F4ABD54
I'll continue updating the above URL as they (hopefully) further
revise the scheme, but I'm going to refrain from spamming BugTraq
about it.
Powered by blists - more mailing lists