Message-ID: <052a30730855905f9d5faa05229443e6@mail.ankalagon.ru>
Date: Sun, 22 Aug 2010 23:04:55 +0400
From: Владимир Воронцов
	<vladimir.vorontsov@...ec.ru>
To: Full disclosure <full-disclosure@...ts.grok.org.uk>
Subject: SDRF vulns in webapps and browsers

Hello, Full-Disclosure!

This report describes a vulnerability type called SDRF. There are several
examples that demonstrate the risk of the above-mentioned class of
vulnerability. Causes of its existence and methods of protection from SDRF
are also observed in the report.

SDRF – the Same Domain Request Forgery. Like the known CSRF (Cross-Site
Request Forgery) vulnerability, SDRF falsifies HTTP requests of users, but
in contrast to CSRF, it forges the requests that are sent by a user to the
same domain where the malicious code that exploits the vulnerability is
located.
The second important difference is that SDRF is application-oriented.
While for a CSRF attack mainly unsafe HTML codes are used, SDRF attacks, in
contrast, are realized through Adobe © application formats that are
processed by browser plug-ins, like Adobe Flash Player © and Adobe Reader
©. No doubt, SDRF can be used in the classic way, for example by HTML
injections or XSS.
The third difference of SDRF from CSRF lies in the browsers’ specifics of
processing Adobe Flash Player © and Adobe Reader © documents. Even secured
resources, like Google Mail, Yandex Mail and many others are subject to
the SDRF vulnerability if the particular browser is used. A more detailed
description will be provided further.
Given all these differences we specified SDRF in a separate class of
vulnerabilities, though it is possible to classify them as a special case
of CSRF.

Read more in the attachment.

-- 
Best regards, 
Vladimir Vorontsov
ONsec security expert
Download attachment "onsec-whitepaper-01.eng.pdf" of type "application/pdf" (604879 bytes)
