Full Disclosure mailing list archives
Re: Drive-by Pharming Threat
From: <auto400208 () hushmail com>
Date: Mon, 19 Feb 2007 19:19:37 -0500
Thanks.

I'm sure there are many ways to achieve each step separately (see my reply to Andrew); to build each and every thing into a functional "drive by" attack seems far-fetched.

Your details below add even more hurdles IMO. You'll be building a monster all-encompassing browser, version, plus router mega exploit. Unless the first two I mention to Andrew can be overcome easily.

This is all very far from a "drive by" vuln.

On Mon, 19 Feb 2007 16:23:29 -0500 Martin Johns <martin.johns () gmail com> wrote:
> On 2/19/07, auto400208 () hushmail com <auto400208 () hushmail com> wrote:
>> I am curious as to how one "automatically" logs on?
>
> There are several potential methods (depending on the victim's browser):
>
> 1) Older versions of Flash allow the spoofing of arbitrary http headers [1] thus allowing the creation of attacker controlled Authorization-headers.
> 2) Firefox does not display http-authentication warnings if the http request was generated by the browser's link-prefetch mechanism [2].
> 3) An anti-DNS-pinning attack [3] can be executed to break the same-origin policy. Then the low-level socket functions of either Flash (all browsers) [4] or Java (Firefox and Opera) [5] could be employed to create arbitrary http requests.
>
> [1] http://www.securityfocus.com/archive/1/441014/30/0/threaded
> [2] http://blog.php-security.org/archives/56-Bruteforcing-HTTP-Auth-in-Firefox-with-JavaScript.html
> [3] http://shampoo.antville.org/stories/1451301/
> [4] http://www.jumperz.net/index.php?i=2&a=1&b=8
> [5] http://shampoo.antville.org/stories/1566124/
>
> --
> Martin Johns
> http://shampoo.antville.org