Vulnerability Development mailing list archives
Nokia 7110 Wap Browser Hole
From: aidan.okelly () OCEANFREE NET (Aidan O'Kelly)
Date: Thu, 13 Jul 2000 13:02:47 +0100
Ok, so this may be slightly off topic for this forum, but I thought I'd post it anyway.

The Nokia 7110 WAP browser will happily pass form variables that were entered once to another site later on (in the same session? Not sure how long it stores them for). The problem is that the Nokia recognises forms and passes the values it used before to text/password boxes etc. So if you had a login form on one website that had an input box, type=text/password and name=userid, once you enter your userid, the Nokia stores it in a variable called $userid. If the user surfs to another site with a text box of the same name, it will put $userid into it.

It's not hard to guess what the variables from other sites would be called, and it's possible to get the phone to submit the form without ever even seeing it (using cards and on timer events), so information could be gathered.

AFAIK it applies to the real phone as well (I don't have one, but I'm 99% sure it works; the phone definitely fills in the values, can't check if it does it for different hosts, but the 7110 simulator is pretty accurate).

Can anyone confirm this? Or find out how long it stores the variables for? (I'd imagine till you turn the phone off, or disconnect from the net.) I wonder if the Nokia sets any other variables itself...

Anyway, sorry if this is off topic.

Aidan
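A site-side check for the behaviour described in the post, as an added example that is not part of the original message: it lists the variables a login deck stores through its `<input>` fields and reports which of them are still set after the follow-up deck's first card is entered. It relies on WML's `newcontext` card attribute and `<setvar>` element, which come from the WML specification rather than from the post; the deck contents, the `/auth` path and the function names are constructed for illustration, and whether the 7110 honours these elements is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample decks (XML prolog and DOCTYPE omitted for brevity).
LOGIN = """<wml><card id="login"><p>
  <input name="userid" type="text"/>
  <input name="pin" type="password"/>
  <do type="accept"><go href="/auth" method="post">
    <postfield name="u" value="$(userid)"/>
    <postfield name="p" value="$(pin)"/>
  </go></do>
</p></card></wml>"""

NEXT_WEAK = """<wml><card id="home"><p>Welcome</p></card></wml>"""

NEXT_RESET = """<wml><card id="home" newcontext="true"><p>Welcome</p></card></wml>"""

NEXT_PARTIAL = """<wml><card id="home">
  <onevent type="onenterforward"><refresh>
    <setvar name="pin" value=""/>
  </refresh></onevent>
  <p>Welcome</p></card></wml>"""


def input_vars(deck):
    """Names of browser-context variables a deck sets through <input> fields."""
    return {el.get("name") for el in ET.fromstring(deck).iter("input") if el.get("name")}


def uncleared_vars(form_deck, next_deck):
    """Variables from form_deck still set once next_deck's first card is entered."""
    names = input_vars(form_deck)
    first = ET.fromstring(next_deck).find("card")
    if first is None:
        return names
    if first.get("newcontext") == "true":
        return set()  # newcontext resets the whole browser context on entry
    cleared = {
        sv.get("name")
        for ev in first.iter("onevent") if ev.get("type") == "onenterforward"
        for sv in ev.iter("setvar") if sv.get("value", "") == ""
    }
    return names - cleared


if __name__ == "__main__":
    for label, deck in [("weak", NEXT_WEAK), ("reset", NEXT_RESET), ("partial", NEXT_PARTIAL)]:
        print(label, sorted(uncleared_vars(LOGIN, deck)))
```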