WebApp Sec mailing list archives

RE: Possible hack? Images replaced on proxy server


From: "Stephen Savage" <ssavage () dovico com>
Date: Sun, 9 Feb 2003 13:11:12 -0400

The no cache metatag will work some of the time, but IE 5.x browsers had
some issues with caching, and sometimes don't recognize the tag at all.
For .NET, Response.Expires = -1; will ensure that caching won't occur
even if the user has their browser set to always load from cache. I
think in ASP it's similar, but it's been a couple years since I've
worked with it.

The no cache is a quick-fix, however it will needlessly increase your
bandwidth usage, and your clients'. As long as the images are ok on your
side it's really not your problem. You should contact the Admin of the
proxy in question, and let him know what's going on. Talking to your
boss, and CC'ing him will also help you cover your ass. Good luck,

Stephen Savage



-----Original Message-----
From: David Hodges [mailto:dhodges () outermost com] 
Sent: February 9, 2003 12:34 PM
To: webappsec () securityfocus com
Subject: Possible hack? Images replaced on proxy server

I am responsible for several ASP and ASP.Net web sites that are hosted
at an independent ISP. These sites were developed for a corporate client
which has its own corporate network and firewall, completely separate
from the ISP where these sites are hosted.

The other day, an employee of this corporation was surfing our site from
within the corporate firewall and found one of our images was coming up
as a porn image! Another employee was able to verify this.

Then we found that other images were coming up with no content, or as
horizontal bars of color.

These problems are not occurring outside the corporate firewall; and
the source images, on the server at the ISP, are fine. Only people
behind this firewall see these bad images.

I suspect someone has hacked the corporate proxy server but I have no
way to know for sure. I am in somewhat of a panic because naturally it
does not reflect well on my little company to have porn images coming up
on sites we develop.

I renamed the image in question and changed the IMG tag in the html,
which fixed the problem for the time being. But I am worried about the
future.

Would a META HTTP-EQUIV="Pragma" CONTENT="no-cache" tag help?

What else can I do to prevent this, and, what can be causing this?

Thanks,
David
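
Added example, not part of the original posts: a shared proxy decides whether to reuse an image from the HTTP headers on the image response itself, so this sketch compares a direct fetch with one taken behind the proxy and reports whether the origin's headers permit reuse. The function names, header values and bodies are constructed for illustration, and header names are assumed to be lower-cased by the caller.

```python
import hashlib
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument or None}."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def already_expired(headers):
    """True if Expires is at or before Date; unparsable or uncomparable values count as expired."""
    if "expires" not in headers:
        return False
    try:
        return parsedate_to_datetime(headers["expires"]) <= parsedate_to_datetime(headers["date"])
    except (KeyError, TypeError, ValueError):
        return True

def shared_cache_may_reuse(headers):
    """May a shared proxy serve this response again without asking the origin?"""
    cc = parse_cache_control(headers.get("cache-control"))
    if {"no-store", "no-cache", "private"} & cc.keys():
        return False
    age = cc.get("s-maxage", cc.get("max-age"))
    if age is not None:          # explicit lifetime takes precedence over Expires
        return age != "0"
    return not already_expired(headers)

def compare_fetches(direct, via_proxy):
    """Each argument is (headers with lower-case names, body bytes)."""
    same = hashlib.sha256(direct[1]).digest() == hashlib.sha256(via_proxy[1]).digest()
    through_proxy = "via" in via_proxy[0] or "age" in via_proxy[0]
    verdict = "match" if same else ("proxy-copy-differs" if through_proxy else "differs")
    return {"verdict": verdict, "origin_allows_reuse": shared_cache_may_reuse(direct[0])}

# Constructed sample: the same image URL fetched from outside and from behind the proxy.
DATE = "Sun, 09 Feb 2003 16:34:00 GMT"
DIRECT = ({"date": DATE, "content-type": "image/gif"}, b"GIF89a-origin-bytes")
PROXIED = ({"date": DATE, "via": "1.0 proxy.example", "age": "86400"}, b"GIF89a-other-bytes")
HARDENED = {"date": DATE, "cache-control": "no-cache", "expires": "-1"}

if __name__ == "__main__":
    print(compare_fetches(DIRECT, PROXIED))
    print(shared_cache_may_reuse(HARDENED))
```

A "proxy-copy-differs" verdict with origin_allows_reuse set to True means the origin never told the proxy to revalidate, which is the evidence to hand to the proxy's administrator.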

