A new hole in the most popular browsers – IE and Opera

Yet another hole has been found that lets people do bad things. Its technical name is Extended HTML Form Attack. As the name suggests, it has to do with forms. By getting a form submitted, a nimble mischief-maker can craft sly scripts that poke around in the user's browser a little and fish the desired information out of it. This time the unlucky ones are, as usual, Internet Explorer 6.0 and older versions, as well as Opera 6.0 and older versions. For other versions and browsers the situation is not clear. Mozilla 0.9.8 answered the naughty proposals as follows:

mycookie

Read more here:
eyeonsecurity.net – links to the explanations are here.
Exploit sample – those who are slow on the uptake need not click here. This button is not for you 😉
Patches are not ready yet, but both the Opera and the IE developers are sweating over a solution to this problem.

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack
Release Date: 06/02/2002
Effects:
Internet Explorer 6 and older versions
Opera 6.0 and older versions

Severity:
Allows stealing of cookies, penetration of internal networks and other evil
stuff.

Author:
Obscure^
[ obscure@eyeonsecurity.net ]

Vendor Status:
Internet Explorer – Informed secure@microsoft.com and worked with them to release a patch. Should be out soon.
Opera – Worked with the Opera team. A fix is due next release.

Web:

http://eyeonsecurity.net/papers/ – Extended HTML Form Attack

Background.

Many web browsers such as Internet Explorer allow forms to be submitted to non-HTTP services. Some non-HTTP services echo back the information sent, and the web browser renders the echo as an HTML page, regardless of the protocol behind the service.

Problem.

A malicious user can create a form which is submitted by the victim (automatically using Active Scripting or manually using Social Engineering). This form can cause a non-HTTP service to echo back JavaScript commands which in turn allow the malicious user to steal the cookie for that domain.
There are more uses for this attack, other than just stealing cookies.

Exploit Example.

available at http://eyeonsecurity.net/advisories/showMyCookie.html

Disclaimer.

The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lies within the user’s responsibility.

Feedback.

Please send suggestions, updates, and comments to:

Eye on Security
mail : obscure@eyeonsecurity.net
web : http://www.eyeonsecurity.net
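
An added illustration, not part of the advisory or of the original post: one service-side way to blunt the echo described in the advisory's Background section, for a hypothetical line-based text service. The function names, the "500" reply text and the sample bytes are assumptions made up for this example.

```python
import re

# Request line a browser sends first when a form is posted, e.g. "POST / HTTP/1.1"
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/\d\.\d$")
# Headers a browser attaches to a form submission
BROWSER_HEADERS = (b"host:", b"user-agent:", b"referer:", b"content-type:",
                   b"content-length:", b"cookie:")
MARKUP = b"<>&\"'"  # characters a browser could interpret as HTML


def looks_like_browser(data: bytes) -> bool:
    """True if the first bytes of a session are an HTTP request."""
    lines = [l.strip() for l in data.replace(b"\r\n", b"\n").split(b"\n")]
    if REQUEST_LINE.match(lines[0]):
        return True
    return any(l.lower().startswith(BROWSER_HEADERS) for l in lines[1:])


def safe_echo(line: bytes) -> bytes:
    """Report an unknown command without reflecting markup or control bytes."""
    cleaned = bytes(b if 0x20 <= b < 0x7F and b not in MARKUP else ord("?")
                    for b in line[:64])
    return b"500 unrecognised command: " + cleaned + b"\r\n"


def handle_first_chunk(data: bytes):
    """Return (reply, keep_open) for the first bytes received on a connection."""
    if looks_like_browser(data):
        return b"", False  # close silently: the browser gets nothing to render
    first_line = data.split(b"\n", 1)[0].rstrip(b"\r")
    return safe_echo(first_line), True


if __name__ == "__main__":
    # Constructed sample: what a browser sends when a form targets this port
    form_post = (b"POST / HTTP/1.1\r\nHost: 192.0.2.10:7777\r\n"
                 b"Content-Type: text/plain\r\n\r\n<b>marker</b>\r\n")
    print(handle_first_chunk(form_post))
    print(handle_first_chunk(b"<b>marker</b>\r\n"))
```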
