Re: Redirectors: the phantom menace

[Sébastien Duquette <ekse.0x () gmail com>]

2010/7/3 MustLive <mustlive () websecurity com ua>:
> Hello Sebastien!
>
> I'm glad that you liked the title of my article :-). For the title of the
> letter I used the title of my article, which I posted in September 2009 to
> the list (as I referenced in last letter). If you read at least some of my
> articles from 2009-2010, particularly from those which I wrote about to FD
> mailing list from September 2009 (when I became posting to the list), I like
> sometimes to use interesting titles for my articles.
>
> With such special titles I'm drawing people's attention to the problem. In
> case of this particular article, I'm telling that danger of redirectors are
> underestimating and they can be used for many different attacks, not only
> redirecting to other sites (i.e. redirectors represent the phantom menace
> for Internet community). Only recently WASC begun drawing attention to this
> kind of security issues in their TC v2 (released at 01.01.2010), where they
> added such class of vulnerability as URL Redirector Abuse.
>
> > It took me until half the post to realize this wasn't posted by
> > MusntLive but by the original MustLive.
>
> Different people use different styles for writing texts, so it's easy to
> distinguish my texts from text of others (including those who try to spoof
> on my letters). I'm not subscribed on the list, so I didn't know about such
> man as musnt live. But recently I received the letter from him, so I've
> become familiar with his kind of letters :-) (which are very not serious).
> So I've added his email to my blacklist and if he embarrassed you, then you
> can do the same (and just ban him).

Thanks for the hat tip, the matter has been taken care of. I won't
receive those annoying and mostly pointless messages anymore.

 In this case ban both his and the second
> address, which I mentioned
> (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075412.html).
> Because these are both his addresses, as I found very quickly, from which
> (under different names) he was trying to spam me and to the list.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Sйbastien Duquette" <ekse.0x () gmail com>
> To: "MustLive" <mustlive () websecurity com ua>
> Cc: <full-disclosure () lists grok org uk>
> Sent: Monday, June 28, 2010 12:53 AM
> Subject: Re: [Full-disclosure] Redirectors: the phantom menace
>
>
> > It took me until half the post to realize this wasn't posted by
> > MusntLive but by the original MustLive. With a title like that, I
> > assumed it was some kind of mockery. Sometimes reality is stranger
> > than fiction...
> >
> > On Sun, Jun 27, 2010 at 4:45 PM, MustLive <mustlive () websecurity com ua>
> > wrote:
> > > Hello participants of Full-Disclosure!
> > >
> > > Additional information for those who read my article (and who still
> > > didn't
> > > they can do it) Redirectors: the phantom menace
> > >
> > > (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
> > >
> > > In addition to previous 12 attacks via open redirectors this year I added
> > > three new attacks (and soon would add more).
> > >
> > > To before-mentioned attacks the redirectors also can be used:
> > >
> > > - For conducting of XSS attacks via PDF files, which I wrote about in
> > > post
> > > regarding Script Injection in Adobe Acrobat
> > >
> > > (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).
> > >
> > > - For conducting of DoS attacks on browsers via redirection to mailto:
> > > URL,
> > > which I wrote about in post DoS in Firefox, Internet Explorer, Chrome,
> > > Opera
> > > and other browsers (http://websecurity.com.ua/4206/). This concerns both
> > > open redirectors and closed redirectors
> > >
> > > (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
> > >
> > > - For bypassing of restrictions on URL at HTML Injection attacks,
> > > particularly Link Injection. As in case of vulnerability at
> > > news.yahoo.com
> > > (http://websecurity.com.ua/3723/). In contrast to bypass of protection
> > > filters at using of closed redirectors (attack #10), in this case not
> > > external redirector is using, but internal one (at this site, or at the
> > > site
> > > from allowed list).
> > >
> > > Best wishes & regards,
> > > MustLive
> > > Administrator of Websecurity web site
> > > http://websecurity.com.ua
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/