Full Disclosure mailing list archives
Re: Redirectors: the phantom menace
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 3 Jul 2010 15:14:42 +0300
Hello Sebastien! I'm glad that you liked the title of my article :-). For the title of the letter I used the title of my article, which I posted in September 2009 to the list (as I referenced in last letter). If you read at least some of my articles from 2009-2010, particularly from those which I wrote about to FD mailing list from September 2009 (when I became posting to the list), I like sometimes to use interesting titles for my articles. With such special titles I'm drawing people's attention to the problem. In case of this particular article, I'm telling that danger of redirectors are underestimating and they can be used for many different attacks, not only redirecting to other sites (i.e. redirectors represent the phantom menace for Internet community). Only recently WASC begun drawing attention to this kind of security issues in their TC v2 (released at 01.01.2010), where they added such class of vulnerability as URL Redirector Abuse.
It took me until half the post to realize this wasn't posted by MusntLive but by the original MustLive.
Different people use different styles for writing texts, so it's easy to distinguish my texts from text of others (including those who try to spoof on my letters). I'm not subscribed on the list, so I didn't know about such man as musnt live. But recently I received the letter from him, so I've become familiar with his kind of letters :-) (which are very not serious). So I've added his email to my blacklist and if he embarrassed you, then you can do the same (and just ban him). In this case ban both his and the second address, which I mentioned (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075412.html). Because these are both his addresses, as I found very quickly, from which (under different names) he was trying to spam me and to the list. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: "Sйbastien Duquette" <ekse.0x () gmail com> To: "MustLive" <mustlive () websecurity com ua> Cc: <full-disclosure () lists grok org uk> Sent: Monday, June 28, 2010 12:53 AM Subject: Re: [Full-disclosure] Redirectors: the phantom menace
It took me until half the post to realize this wasn't posted by MusntLive but by the original MustLive. With a title like that, I assumed it was some kind of mockery. Sometimes reality is stranger than fiction... On Sun, Jun 27, 2010 at 4:45 PM, MustLive <mustlive () websecurity com ua> wrote:Hello participants of Full-Disclosure! Additional information for those who read my article (and who still didn't they can do it) Redirectors: the phantom menace (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html). In addition to previous 12 attacks via open redirectors this year I added three new attacks (and soon would add more). To before-mentioned attacks the redirectors also can be used: - For conducting of XSS attacks via PDF files, which I wrote about in post regarding Script Injection in Adobe Acrobat (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html). - For conducting of DoS attacks on browsers via redirection to mailto: URL, which I wrote about in post DoS in Firefox, Internet Explorer, Chrome, Opera and other browsers (http://websecurity.com.ua/4206/). This concerns both open redirectors and closed redirectors (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html). - For bypassing of restrictions on URL at HTML Injection attacks, particularly Link Injection. As in case of vulnerability at news.yahoo.com (http://websecurity.com.ua/3723/). In contrast to bypass of protection filters at using of closed redirectors (attack #10), in this case not external redirector is using, but internal one (at this site, or at the site from allowed list). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Redirectors: the phantom menace MustLive (Jul 03)
- Re: Redirectors: the phantom menace Chris Evans (Jul 03)
- Re: Redirectors: the phantom menace Sébastien Duquette (Jul 04)