Full Disclosure mailing list archives
Re: Oracle based personal data dumping attack on the nuit du hack CTF
From: majinboo <majinboo () hackerzvoice net>
Date: Mon, 26 Mar 2012 13:42:11 +0200
BTW last vuln' was also fixed during the prequals. MajinBoo Le 26/03/12 13:37, Damien Cauquil a écrit :
Hi klondike,> PS: What I wonder now is, are the guys behind the CTF reading Full-disclosure?I guess you now have your answer.> The guys have a cool XSS injection on the fake webmail service which can be exploited with a properly crafted subjectYou're right, and it has been fixed during the prequals. Anyway, this vulnerability is minor because teams couldn't send emails to each others. At least, you can pwn your own web browser.For the last vuln mentionned, we were aware of it. Guys who wrote the code were seriously slapped.Damien, NDH prequals team -- *Damien Cauquil* Directeur de Recherche CEH, CHFI, ECSA, CEI Tél. : +33 (0)1 78 76 58 21 Fax.: +33 (0)1 40 12 74 41 *Sysdream IT Security Services* 108, av. Gabriel Péri 93400 Saint Ouen http://www.sysdream.com/ Le samedi 24 mars 2012 à 05:54 +0100, klondike a écrit :El 24/03/12 05:27, klondike escribió:So I was bored with the nuit du hack prequals and decided to test a bit the e-mail service.BTW and on completely unrelated note there is an attack which could allow an attacker to guess the addresses of the participants as long as they are on a database owned by him. This attack works by consulting the page as if it were a yes/no oracle and using the results to know wether an address is on the page database or not.The guys have a cool XSS injection on the fake webmail service which can be exploited with a properly crafted subject (i.e. <script>alert('Hello!');</script> ). I thought the guys behind nuit du hack were a bit more serious than this...klondikeUsages of the attack? Well, trying to guess participants passwords, phising attacks, spamming ... Pick your choice xDAnd as with any good full disclosure here you go a nice script to exploit it: while read email; do curl -s -o- http://prequals.nuitduhack.com/rememberme.php -d "mail=$email" | fgrep '<div class="error">This mail doesn'\''t correspond to any account</div>' > /dev/null && echo Failure || echo "$email"; doneWell don't be bad with it, participants have no fault of this, klondikePS: What I wonder now is, are the guys behind the CTF reading Full-disclosure?_______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Permanent XSS on the nuit du hack webmail service klondike (Mar 23)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 23)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF Damien Cauquil (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF majinboo (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 27)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF Damien Cauquil (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 23)