[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimxZTFO7jqpOsUDnOKC_-GudWTNAHuJcg01dyAV@mail.gmail.com>
Date: Sat, 3 Jul 2010 05:41:21 -0700
From: Chris Evans <scarybeasts@...il.com>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Redirectors: the phantom menace
2010/7/3 MustLive <mustlive@...security.com.ua>:
> Hello Sebastien!
>
> I'm glad that you liked the title of my article :-). For the title of the
> letter I used the title of my article, which I posted in September 2009 to
> the list (as I referenced in last letter). If you read at least some of my
> articles from 2009-2010, particularly from those which I wrote about to FD
> mailing list from September 2009 (when I became posting to the list), I like
> sometimes to use interesting titles for my articles.
>
> With such special titles I'm drawing people's attention to the problem. In
> case of this particular article, I'm telling that danger of redirectors are
> underestimating and they can be used for many different attacks, not only
> redirecting to other sites (i.e. redirectors represent the phantom menace
> for Internet community). Only recently WASC begun drawing attention to this
> kind of security issues in their TC v2 (released at 01.01.2010), where they
> added such class of vulnerability as URL Redirector Abuse.
>
>> It took me until half the post to realize this wasn't posted by
>> MusntLive but by the original MustLive.
>
> Different people use different styles for writing texts, so it's easy to
> distinguish my texts from text of others (including those who try to spoof
> on my letters). I'm not subscribed on the list,
Isn't it a little rude to spam the list with advisories of dubious
quality and value, yet not be a member of the community?
Cheers
Chris
> so I didn't know about such
> man as musnt live. But recently I received the letter from him, so I've
> become familiar with his kind of letters :-) (which are very not serious).
> So I've added his email to my blacklist and if he embarrassed you, then you
> can do the same (and just ban him). In this case ban both his and the second
> address, which I mentioned
> (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075412.html).
> Because these are both his addresses, as I found very quickly, from which
> (under different names) he was trying to spam me and to the list.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: "Sйbastien Duquette" <ekse.0x@...il.com>
> To: "MustLive" <mustlive@...security.com.ua>
> Cc: <full-disclosure@...ts.grok.org.uk>
> Sent: Monday, June 28, 2010 12:53 AM
> Subject: Re: [Full-disclosure] Redirectors: the phantom menace
>
>
>> It took me until half the post to realize this wasn't posted by
>> MusntLive but by the original MustLive. With a title like that, I
>> assumed it was some kind of mockery. Sometimes reality is stranger
>> than fiction...
>>
>> On Sun, Jun 27, 2010 at 4:45 PM, MustLive <mustlive@...security.com.ua>
>> wrote:
>>> Hello participants of Full-Disclosure!
>>>
>>> Additional information for those who read my article (and who still
>>> didn't
>>> they can do it) Redirectors: the phantom menace
>>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>>
>>> In addition to previous 12 attacks via open redirectors this year I added
>>> three new attacks (and soon would add more).
>>>
>>> To before-mentioned attacks the redirectors also can be used:
>>>
>>> - For conducting of XSS attacks via PDF files, which I wrote about in
>>> post
>>> regarding Script Injection in Adobe Acrobat
>>> (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).
>>>
>>> - For conducting of DoS attacks on browsers via redirection to mailto:
>>> URL,
>>> which I wrote about in post DoS in Firefox, Internet Explorer, Chrome,
>>> Opera
>>> and other browsers (http://websecurity.com.ua/4206/). This concerns both
>>> open redirectors and closed redirectors
>>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>>
>>> - For bypassing of restrictions on URL at HTML Injection attacks,
>>> particularly Link Injection. As in case of vulnerability at
>>> news.yahoo.com
>>> (http://websecurity.com.ua/3723/). In contrast to bypass of protection
>>> filters at using of closed redirectors (attack #10), in this case not
>>> external redirector is using, but internal one (at this site, or at the
>>> site
>>> from allowed list).
>>>
>>> Best wishes & regards,
>>> MustLive
>>> Administrator of Websecurity web site
>>> http://websecurity.com.ua
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists