lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e70efcd55d9e81768ebb1541a4e87da3@mail.ankalagon.ru>
Date: Thu, 26 May 2011 00:00:33 +0400
From: Владимир Воронцов
	<vladimir.vorontsov@...ec.ru>
To: Rosario Valotta <valotta.rosario@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Cookiejacking attack technique

Great work!

Technique can be used to stealing any data.
In example, content from remote iframes.
And from any local file, i.e. browser cache, configs and other.

But there is problem to open urls in file:// zone from http:// zone.
Recently i founded Chrome vuln, which provide that.
See https://docs.google.com/present/view?id=dcm4kmp7_18w8945rdw slides
20-23.

In your work, you say about redirect in IE9, but it is didn't work for me
(9.0.8112.16421).

If it is possible to open file:// from http:// in IE9, then possible to
stealing any local file without user actions :)

On Wed, 25 May 2011 00:17:21 +0200, Rosario Valotta
<valotta.rosario@...il.com> wrote:
> Hi,
> last week, in two security conferences I showed a new attack technique
> called Cookiejacking that allows to steal session cookies without any
XSS
> vulnerability.
> 
> https://www.swisscyberstorm.com/speakers/valotta
> http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
> 
> All previous approaches on the same topic used at least an XSS or a Man
in
> the middle attack (eg Firesheep) to steal cookies.
> In this approach I use a 0-day vulnerabilty affecting all versions of IE
on
> every Windows OS and an advanced Clickjacking attack in order to trick
> users
> in dragging & dropping their cookies.
> 
> You can steal any cookie (http only, secure cookies, whatever the
website)
> of every Win user!
> 
> If it is interesting, on my blog you can find a writeup and a couple of
> videos.
> https://sites.google.com/site/tentacoloviola/cookiejacking
> 
> Regards
> 
> Rosario Valotta

-- 
Best regards, 
Vladimir Vorontsov
ONsec security expert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists