Message-ID: <200309251629.17438.jeremiah@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: Verisign Login Hijacking
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 25 September 2003 08:23, SoloNet Newsfeed wrote:
<SNIP>
> The example format that Verisign uses which allows for login-less access
> to the account administration (which, back in the good old days,
> required e-mail verification, Crypt-PW or even PGP, makes this
> laughable) Enjoy folks, here's your example URL:
>
>
> https://www.networksolutions.com/en_US/manage-it/domain-detail.jhtml;jsessi
>onid=XXXXXXXXXXXXXXXXXXXXXXX?accountId=11111111&instanceId=AA.B.22222222&hom
>e=true&_requestid=33333
<SNIP>
This also opens:
https://www.networksolutions.com/en_US/popexit/popstealth.html
cookie hell, 6 Month expiration:
[.networksolutions.com]
www.networksolutions.com "" "/" 1067121331 200 popprot 0 https:
www.networksolutions.com "" "/" 1067121331 200 popseen 0 seen
www.networksolutions.com "" "/" 2143238400 200 vrsnsf 0 3P3RTLQGSKAHSCWLEALSFFA
I use Konqueror, under KDE, and the page stays open in a separate tab, instead
of closing. Cookie hell. Source below:
______________________________________________________________
<html>
<head>
<title>NetworkSolutions Consumer Insight</title>
</head>
<script language=javascript>
// Browser sniffing on the lower-cased user-agent string.
var agt=navigator.userAgent.toLowerCase();
// Index of the first '6' anywhere in the UA string; not read again in this script block.
var major=(agt.indexOf('6',0));
// Index of "msie" in the UA string, or -1 when absent.
var client=(agt.indexOf("msie"));
// When "msie" is found, the window is moved to screen position (1000,1000).
// NOTE(review): presumably this pushes the pop-up out of the visible area;
// the actual effect depends on the display and is not shown here.
if (client>0)
{window.moveTo(1000,1000);}
else
{ }
</script>
<script language="javascript">
// Returns the unescaped value stored under NameOfCookie in document.cookie,
// or null when document.cookie is empty or the name is not found.
// NOTE(review): the lookup is a plain substring search for NameOfCookie+"=",
// not anchored to the start of a cookie name. This page writes both "popprot"
// and "prot", so getCookie("prot") can match inside "popprot=" and return that
// cookie's value instead, depending on the order of the cookie string.
function getCookie(NameOfCookie)
{
if (document.cookie.length > 0)
{
// begin/end are assigned without var, so they become implicit globals.
begin = document.cookie.indexOf(NameOfCookie+"=");
if (begin != -1)
{
// Skip past "name=" to the first character of the value.
begin += NameOfCookie.length+1;
// The value runs to the next ";" or, for the last cookie, to the end of the string.
end = document.cookie.indexOf(";", begin);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(begin, end));
// Unreachable: this call sits after the return above and never runs.
setCookie(NameOfCookie,true,1);
}
}
return null;
}
// Writes one cookie through document.cookie and always returns true.
//   name    - cookie name, used as-is
//   value   - cookie value, passed through escape()
//   expires - optional; must expose toGMTString() (a Date) when supplied
//   path, domain - optional attributes, appended only when not null/undefined
//   secure  - optional flag
// NOTE(review): the "secure" attribute is appended for any argument that is not
// null/undefined (the test is `secure == null`), so passing false still adds it.
// checkfx() on this page calls setCookie with two arguments only, which yields
// a cookie with no expires, path, domain or secure attribute.
function setCookie(name, value, expires, path, domain, secure) {
document.cookie = name + "=" + escape(value) +
((expires == null) ? "" : "; expires=" + expires.toGMTString()) +
((path == null) ? "" : "; path=" + path) +
((domain == null) ? "" : "; domain=" + domain) +
((secure == null) ? "" : "; secure");
return true;
}
// Expiry date assignment. The original comment says "6 Months", but the code
// below advances the date by one month (getMonth()+1).
var expiredate;
expiredate=new Date;
expiredate.setMonth(expiredate.getMonth()+1);
// Write two persistent cookies as soon as the pop-up loads: "popseen" records
// that the pop-up was shown, "popprot" records the protocol this page was
// loaded over. Both use path=/ and the expiry computed above.
document.cookie="popseen=seen;expires="+expiredate.toGMTString()+";path=/;";
document.cookie="popprot="+location.protocol
+";expires="+expiredate.toGMTString()+";path=/;";
// Scheme-less target URL. error1()/error2() prepend "http" or "https" and
// append the T3 form value as the adName query parameter.
// NOTE(review): the string literal is split across two lines as shown here,
// presumably by mail line-wrapping; as printed it is not valid JavaScript.
var url = "://www.networksolutions.com/en_US/popexit/
popstealth2.html?adName=";
// Error handler (wired to <body onerror> and, inside checkfx(), to window.onerror).
// Appends the hidden form field T3 to the global `url` as the adName value and
// navigates this window to popstealth2.html on the scheme opposite to the one
// stored in the "prot" cookie: "https:" -> http, anything else -> https.
// NOTE(review): when the stored protocol is https the navigation goes to plain
// http, so the adName value and any cookies without the secure attribute
// travel unencrypted.
// NOTE(review): `url` is a shared global that is modified in place and `prot`
// is an implicit global; a second call would append to the already-built URL.
function error1()
{
url = url + document.F1.T3.value;
prot=getCookie("prot");
if (prot=="https:")
{
url = "http"+url;
location.href= url;
}
else
{
url = "https"+url;
location.href= url;
}
}
// Same body as error1(): appends the T3 form value to the global `url`, reads
// the "prot" cookie and navigates to popstealth2.html on the opposite scheme.
// In the visible source it is called only from checkfx(), when the text stored
// in T1 contains 'object'.
// NOTE(review): duplicates error1() line for line, including the in-place
// modification of the global `url` and the implicit global `prot`.
function error2()
{
url = url + document.F1.T3.value;
prot=getCookie("prot");
if (prot=="https:")
{
url = "http"+url;
location.href= url;
}
else
{
url = "https"+url;
location.href= url;
}
}
</script>
<body onerror="error1()">
<form name="F1">
<input type="hidden" name="T1" value="0" size="66">
<input type="hidden" name="T2" value="0" size="66">
<input type="hidden" name="T3" value="1" size="66">
<p><font face="Verdana" color="#5B7997">NetworkSolutions Consumer Insight</
font></p>
</form>
<p> </p>
</body>
<script language=javascript>
// Second user-agent check, repeating the sniffing done in the first script block.
var agt=navigator.userAgent.toLowerCase();
var major=(agt.indexOf('6',0));
var client=(agt.indexOf("msie"));
// Both branches schedule checkfx() once per second, so the browser test has no
// effect on the outcome; the VBScript variant is commented out.
// NOTE(review): setInterval is given a string, which the browser evaluates as
// code on every tick.
if (major>0 && client>0)
//{setInterval('vbcheckfx()',1000)}
{setInterval('checkfx()',1000)}
else
{setInterval('checkfx()',1000)}
// Polling routine, scheduled once per second by the setInterval call above.
// It reads the location of the window that opened this pop-up and records
// which part of the site that window is showing in the hidden field T3:
//   2 when the opener URL contains 'manage-it' (only while T3 is below 3)
//   3 when the opener URL contains 'order-receipt'
// error1()/error2() later send T3 to the server as the adName query parameter.
function checkfx()
{
// Session cookie "prot" holding the protocol of this pop-up's top-level window.
setCookie("prot",top.location.protocol);
// Reading the opener's location; the value is turned into text when stored in T1.
var x=window.opener.location;
document.F1.T1.value=x;
var y = document.F1.T1.value;
if (y.indexOf('manage-it')>1 && document.F1.T3.value< 3) {
document.F1.T3.value=2;
}
if (y.indexOf('order-receipt')>1){
document.F1.T3.value=3;
}
// Route later script errors in this window to error1().
window.onerror=error1;
// NOTE(review): presumably this detects a location that stringified as
// "[object ...]" instead of a URL; the source does not say so.
if((document.F1.T1.value).indexOf('object')>=1)
{error2();}
}
// Navigates this pop-up to zone-live.html over plain http.
// In the visible source it is called only from the VBScript sub vbcheckfx().
function openfx()
{
location.href="http://www.networksolutions.com/en_US/popexit/zone-live.html";
}
</script>
<script language="vbscript">
' VBScript counterpart of checkfx(): tries to read the opener window's document
' title and uses the "errcnt" cookie to count consecutive failures.
' It relies on getCookie, openfx and expiredate from the JavaScript blocks of this page.
' NOTE(review): the only visible call, setInterval('vbcheckfx()',1000), is
' commented out, so nothing in this source schedules this sub.
sub vbcheckfx()
dim x
' Errors are suppressed so that err.number can be inspected below.
on error resume next
x=window.opener.document.title
document.F1.T1.value=x
if err.number <> 0 then
'errval=1
errx=getCookie("errcnt")
' Second failure in a row: switch to zone-live.html through openfx.
if errx="1" then
openfx
err.clear
'self.close
else
' First failure: remember it, then reload popstealth.html on the scheme
' opposite to the one stored in the "popprot" cookie.
' NOTE(review): both URL literals below are split across two lines as shown
' here, presumably by mail line-wrapping.
document.cookie="errcnt=1;expires="+expiredate.toGMTString()+";path=/;"
popprot=getCookie("popprot")
if popprot="https:" then
location.href "http://www.networksolutions.com/en_US/popexit/
popstealth.html"
else
location.href "https://www.networksolutions.com/en_US/popexit/
popstealth.html"
end if
end if
else
' The opener was readable: reset the failure counter.
document.cookie="errcnt=0;expires="+expiredate.toGMTString()+";path=/;"
'errval=0
end if
end sub
</script>
</html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/c3pKJi2cv3XsiSARArwjAKC4wko+G8UpuEVpmWuAApELfqhtEgCg2Wlf
CpLqDpCZM2dlRGUJy7KfM3A=
=0JUx
-----END PGP SIGNATURE-----