Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

From: obscure (obscure@EYEONSECURITY.NET)
Date: 02/07/02


Date:         Thu, 7 Feb 2002 02:50:38 +0100
From: obscure <obscure@EYEONSECURITY.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack
Release Date: 06/02/2002
Affects:
Internet Explorer 6 and older versions
Opera 6.0 and older versions

Severity:
Allows stealing of cookies, penetration of internal networks and other evil
stuff.

Author:
Obscure^
[ obscure@eyeonsecurity.net ]

Vendor Status:
Internet Explorer - Informed secure@microsoft.com and worked with them to
release a patch. Should be out soon.
Opera - Worked with the Opera team. A fix is due next release.

Web:

http://eyeonsecurity.net/papers/ - Extended HTML Form Attack

Background.

Many web browsers such as Internet Explorer allow forms to be submitted to
non-HTTP services. Some non-HTTP services echo back the information sent,
and the web browser renders the echo as an HTML page, regardless of the
protocol behind the service.

Problem.

A malicious user can create a form which is submitted by the victim
(automatically using Active Scripting or manually using Social Engineering).
This form can cause a non-HTTP service to echo back JavaScript commands,
which in turn allow the malicious user to steal the cookie for that domain.
There are more uses for this attack, other than just stealing cookies.

Exploit Example.

Available at http://eyeonsecurity.net/advisories/showMyCookie.html

Disclaimer.

The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lies within the user's
responsibility.

Feedback.

Please send suggestions, updates, and comments to:

Eye on Security
mail : obscure@eyeonsecurity.net
web : http://www.eyeonsecurity.net
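
A service-side check for the problem described in the advisory, added here as an example and not taken from the advisory, its author or any vendor patch: a non-HTTP, line-based service refuses to answer input that looks like a browser form submission and quotes anything it does echo. The protocol, its HELO/QUIT commands, the reply codes and the sample inputs are constructed for illustration, and the check assumes the service has read the opening lines of the session.

```python
import re
from typing import Optional

# An HTTP request line: METHOD SP target SP HTTP/x.y
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?$")
# Headers a browser sends with a form submission.
BROWSER_HEADERS = (b"host:", b"user-agent:", b"content-type:", b"cookie:", b"referer:")
# Commands of the hypothetical line protocol used for this example.
KNOWN_COMMANDS = {b"HELO", b"QUIT"}


def looks_like_browser_request(first_bytes: bytes) -> bool:
    """True if the opening bytes of a session are an HTTP request."""
    lines = first_bytes.split(b"\n")[:8]
    if HTTP_REQUEST_LINE.match(lines[0]):
        return True
    return any(l.strip().lower().startswith(BROWSER_HEADERS) for l in lines)


def safe_echo(fragment: bytes, limit: int = 64) -> bytes:
    """Quote client input so a browser cannot parse the reply as markup."""
    text = fragment[:limit].decode("latin-1")
    safe = (c if c.isascii() and (c.isalnum() or c in " ._-/:") else "\\x%02x" % ord(c)
            for c in text)
    return "".join(safe).encode("ascii")


def handle_opening(first_bytes: bytes) -> Optional[bytes]:
    """Return the reply to send, or None to drop the connection unanswered."""
    if looks_like_browser_request(first_bytes):
        return None  # never reflect anything to a browser
    command = first_bytes.split(b"\n", 1)[0].strip()
    if command.split(b" ", 1)[0].upper() not in KNOWN_COMMANDS:
        return b"500 unknown command: " + safe_echo(command) + b"\r\n"
    return b"200 ok\r\n"


# Constructed sample inputs (not captured traffic).
FORM_POST = (b"POST / HTTP/1.1\r\nHost: 192.0.2.10:7\r\n"
             b"Content-Type: multipart/form-data; boundary=x\r\n\r\n"
             b"--x\r\n\r\n<script>x</script>\r\n--x--\r\n")
SAMPLES = [FORM_POST, b"HELO client\r\n", b"<script>x</script>\r\n"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:30]), "->", handle_opening(sample))
```
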
