Re: Recent App Test

[Saqib.N.Ali () seagate com]

> I changed the url parameter to something like url=www.google.com and
> google appeared in my browser. Next, i changed the url to url=www.
> whatismyip.com, hoping that the ip address of the webserver would be
> displayed, however, only my ip address was displayed.

This type of script commonly used in apps where the system is counting the
number of hits to URL.

> This means that my browser is loading the url parameter as opposed
> to the webserver script fethching the url and then displaying it for
> me in my browser right? Is this a security issue?

How can this be a security issue?

> Assuming that it was the actual webserver script fetching the url
> parameter and then displaying it for me,

This is quite common too. See:
1)
http://html2pdf.adfinis.com/render.php?URL=http://validate.sf.net&FORMAT=.pdf
2) http://www.danvine.com/icapture/

> I've come up with a few
> vulnerabilities (listed below) and was hoping that people might like
> to share some of their ideas.

Yes this can be used to view/access site that blocked by firewalls.

> 1) Can use vulnsite as a proxy (& hack other sites)
Maybe. See above.

> 2) Can port scan using the vuln site by changing url=www.website.com
> to url=www.sitetoscan.com:port
Maybe.

> 3) Can connect to & port scan machines behind the firewall.
Yes. If you are behind a firewall that is blocking access to a website, you
can use the above 2 mentioned URL to get the content from those sites.


In Peace,
Saqib Ali
http://validate.sf.net