Bugtraq mailing list archives

Re: PCL-0002: Session Hijacking in "Sqwebmail"


From: Christophe Casalegno <christophe.casalegno () digital-network net>
Date: Mon, 17 Nov 2003 20:38:46 +0100


On Tuesday 18 November 2003 02:18, Vincenzo Ciaglia wrote:

> In this example, the victim has viewed our website while reading the mail
> that we sent him. Visiting the link has been recorded by our counter. Now we
> will be able to access the victim's mail admin page and will be able to read
> and send his email, calmly, without logging in. The session is closed after
> approximately 20/30 minutes, and the attacker has the time to make himself
> comfortable.


That doesn't work on my system.  There is also a protection by IP in sqwebmail
that verifies that it is the authenticated IP that tries to access the mailbox,
but that isn't the problem:

This is an Apache web log on the visited site, for visits that come from a
sqwebmail mail link:

manticore.digital-network.net - - [17/Nov/2003:20:23:07 +0100] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /menu.html HTTP/1.1" 200 861 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /corps.html HTTP/1.1" 200 1041 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/miscmag9.jpg HTTP/1.1" 200 45795 "http://www.xxxxx.org/corps.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"
manticore.digital-network.net - - [17/Nov/2003:20:23:10 +0100] "GET /Images/menu.gif HTTP/1.1" 200 1071 "http://www.xxxxx.org/menu.html" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"

friendly,

-- 
Christophe Casalegno | Digital Network | UIN : 153305055
http://www.digital-network.net | http://www.speed-connect.com
http://www.securite-reseaux.com | http://www.dnsi.info
Security engineer network/systems | Intrusion tests specialist.
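As an added example (not part of this message, and not sqwebmail's own code), here is the check a defender can run over an Apache combined-format access log like the one above: it flags requests whose Referer came from a different host and carries a session-looking path segment, which is the trace a leaked webmail session URL would leave. The sample log lines, the `.invalid` hostnames and the "16 or more alphanumeric characters" token rule are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: client ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: an opaque session id shows up as a path segment of 16+ alphanumerics.
SESSION_TOKEN_RE = re.compile(r'^[0-9A-Za-z]{16,}$')


def parse_combined(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_leaks(lines, site_host):
    """Return (time, referer) for requests whose Referer was sent by another host
    and contains a session-looking path segment. A Referer of "-" (as on the
    first request in the log above) means the linking page sent nothing at all."""
    leaks = []
    for line in lines:
        entry = parse_combined(line)
        if entry is None or entry['referer'] in ('-', ''):
            continue  # unparseable or no Referer: nothing to inspect
        url = urlsplit(entry['referer'])
        if url.hostname is None or url.hostname == site_host:
            continue  # internal navigation on the visited site itself
        if any(SESSION_TOKEN_RE.match(seg) for seg in url.path.split('/')):
            leaks.append((entry['time'], entry['referer']))
    return leaks


# Constructed sample log: the first two lines mirror the message above, the
# third is a made-up request whose Referer carries a session-like token.
SAMPLE_LOG = [
    'manticore.digital-network.net - - [17/Nov/2003:20:23:07 +0100] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"',
    'manticore.digital-network.net - - [17/Nov/2003:20:23:08 +0100] "GET /menu.html HTTP/1.1" 200 861 "http://www.xxxxx.org/" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.4) Gecko/20030630 Galeon/1.3.8"',
    'client.example.invalid - - [17/Nov/2003:20:25:00 +0100] "GET / HTTP/1.1" 200 509 "http://webmail.example.invalid/cgi-bin/mail/login/user/0123456789abcdef0123456789abcdef/inbox" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for when, ref in referer_leaks(SAMPLE_LOG, 'www.xxxxx.org'):
        print(when, ref)
```

Run against a real log, an empty result for the requests that followed the webmail link is the same evidence the log above gives: the browser sent no session URL in its Referer.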

