Bugtraq mailing list archives
Re: Vulnerability in Netscape & Microsoft Web browsers
From: shields () PASSPORT CA (Paul Shields)
Date: Thu, 19 Nov 1998 16:46:57 -0500
Richard Reiner reports, [...]
Full details, and HTML-based and Javascript-based demos, can be found at http://www.securexpert.com .
Richard didn't disclose details on how webmasters can prevent their sites from being used as unwitting accomplices to this attack. So here goes... It appears that the attacker needs to guess the name of the target frame, which for static pages is trivial. If this is true, then dynamically generated HTML can defeat the attack at the host side, by generating an address- or session-based frame name that is unguessable by the attacker. To do this, modify the frame name to use the hash of a secret appended to the remote's IP address: frame_name = original_name + SHA1( browser_IP_address + secret); cheers, -- Paul Shields, mailto:shields () custodians com Custodian Software Inc. 962 Bloor Street West Toronto, Ontario M6H 1L6 Tel: +1 416 537-0015 Fax: +1 416 536-5793
Current thread:
- Vulnerability in Netscape & Microsoft Web browsers Richard Reiner (Nov 14)
- <Possible follow-ups>
- Re: Vulnerability in Netscape & Microsoft Web browsers Paul Shields (Nov 19)