Security Basics mailing list archives
WebApplication authentication security risk
From: Simon <simon.xhz () gmail com>
Date: Mon, 6 Mar 2006 02:18:55 -0500
Hi, It's been a while since I checked here, just in case I'll send out the usual handshake <Hello World!> I was working on networking "relay", a program that listens for incoming connections on localhost and relays packets to a remote host. The first host I tried was google.ca. My relay did not relay the page, IExplorer showed a blank page. If I go to a different site, it works. I have made a PHP script in the past that takes a username, password, IP address, User-Agent, a cookie (md5 hash of date+ip+useragent). And I found out I could possibly start hacking my own security PHP script using this relay. For a secure PHP script, make sure you check the browser's requested URI. If browser requested anything else than the script's host, then you know the connection is relayed and could be sniffed. Unfortunately, it is possible to repackage the HTTP headers to change the Requested URI and only an encrypted connection would be able to prevent this kind of exploit. Anyway, hope it interest a couple people, hope I didn't bother anyone, it's just I thougth my own secure login script was top secure and I'm sure that programmers check for this rarely! Simon --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- WebApplication authentication security risk Simon (Mar 06)