Vulnerability Development mailing list archives
Re: Nokia 7110 Wap Browser Hole
From: doze () COREDUMP CX (Kristjan Kristinsson)
Date: Mon, 17 Jul 2000 11:09:35 +0200
On Sat, Jul 15, 2000 at 12:47:17PM +0200, Kristjan Kristinsson wrote:
To continue being of topic, most wap phones hangs when being portscanned, including most nokia 7110's. But since you need the ad of the phone when it's connected to the net, and this can be pretty tricky to get most people should not be to worried. //doze (yeah, should win a price in excessive quoting) On Thu, Jul 13, 2000 at 01:02:47PM +0100, Aidan O'Kelly wrote:Ok, so this may be slighly off topic for this forum, but I though id post it anyway. The nokia 7110 wap browser will happily pass form varibles that were entered once to another site later on (in the same session? Not sure how long it stores them for) The problem is that the Nokia recognises forms and passes the values it used before to text/password boxes etc. So if you had a login form on one website. that had an input box, type=test/password and name=userid, once you enter your userid, the nokia stores it in a varible called $userid. If the user surfs to another site with a text box of the same name it will put $userid into it. Its not hard to guess what the varibles from other sites would be called, and its possible to get the phone to submit the form without ever even seeing it(using cards and on timer events) so information could be gathered. afaik it applys to the real phone aswell(I dont have one, but Im 99% sure it works, the phone defintly fills in the values, cant check if it does it for different hosts, but the 7110 simulator is pretty accurate.) Can anyone confirm this? or find out how long it stores the varibles for? (id imagine till you turn the phone off, or disconnect from the net) I wonder if the nokia sets any other varibles itself..... Anyway, sorry if this is off topic. Aidan-- [doze] .:. [security.is staff] .:. [khrome] .:. [coredump.cx adm!] - [doze () coredump cx] - [doze () security is] - . ,!. . [http://doze.coredump.cx] - [http://doze.bsd.at] ,j't. [http://doze.security.is] - [http://doze.hack.pl] K=-=:: -=-> "=i.: [-' pgp fingerprint: /;:":.\ C986 986B 1420 8E21 2B52 F03E 87EE 6228 02B8 7900 . ;}' '(, .
-- [doze] .:. [security.is staff] .:. [khrome] .:. [coredump.cx adm!] - [doze () coredump cx] - [doze () security is] - . ,!. . [http://doze.coredump.cx] - [http://doze.bsd.at] ,j't. [http://doze.security.is] - [http://doze.hack.pl] K=-=:: -=-> "=i.: [-' pgp fingerprint: /;:":.\ C986 986B 1420 8E21 2B52 F03E 87EE 6228 02B8 7900 . ;}' '(, .
Current thread:
- Re: Nokia 7110 Wap Browser Hole Tink (Jun 20)
- <Possible follow-ups>
- Re: Nokia 7110 Wap Browser Hole Kristjan Kristinsson (Jul 17)
- volcheck and sol 8 Matthew Potter (Jul 18)
- Re: Nokia 7110 Wap Browser Hole Ralph Moonen (Jul 18)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 18)
- Re: Nokia 7110 Wap Browser Hole Juan M. Courcoul (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Bojan Zdrnja (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Dave O Connor (Jul 21)