Re: HTML Form Protocol Attack

From: Jim Paris (jim@jtan.com)
Date: 08/16/01

• Previous message: Tracy Martin: "RE: BID 3161: other ZyXEL Prestige routers affected too"
• In reply to: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Next in thread: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Next in thread: Gustavo Molina: "Re: HTML Form Protocol Attack"
• Next in thread: Jesse Ruderman: "Re: HTML Form Protocol Attack"
• Reply: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 15 Aug 2001 23:04:49 -0400
From: Jim Paris <jim@jtan.com>
To: bugtraq@securityfocus.com
Subject: Re: HTML Form Protocol Attack
Message-ID: <20010815230449.A3418@neurosis.mit.edu>

> You're right, after attempted again I managed to get it to login to my
> FTP server, but ftp was not the best protocol to try it on considering
> the way data back from the server is sent, which there's no way of
> fiddling.

I'm not sure what you mean by this, but:

USER <SCRIPT>alert("hi")</SCRIPT>
331 Password required for <SCRIPT>alert("hi")</SCRIPT>.

You can pretty easily get arbitrary text sent back to the browser
(with other protocols too, I'm sure), so you could pass back
JavaScript that would go and interpret the text of the returned
document, causing your victim's web browser to suddenly become quite
intelligent and useful for future connections..

I can see it now..

1) Victim behind a firewall visits a webpage.
2) Victim's browser connects to an internal anonymous FTP server
3) Victim's browser walks the directory tree, downloads files,
   and dumps their contents back to the original webpage.

Whee.

-jim

---

• Previous message: Tracy Martin: "RE: BID 3161: other ZyXEL Prestige routers affected too"
• In reply to: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Next in thread: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Next in thread: Gustavo Molina: "Re: HTML Form Protocol Attack"
• Next in thread: Jesse Ruderman: "Re: HTML Form Protocol Attack"
• Reply: Barnaby Gray: "Re: HTML Form Protocol Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: The MSComm Error 8021 with desc.: "Application-defined or object-defined error" ... I think the MSComm control causes the error. ... The browser was unable to retrieve a list of servers from ... Your computer is running the TCP/IP protocol. ... Your computer network cards are linked to the same subnet. ... (microsoft.public.vb.winapi.networks) Re: The MSComm Error 8021 with desc.: "Application-defined or object-defined error" ... I think the MSComm control causes the error. ... The browser was unable to retrieve a list of servers from ... Your computer is running the TCP/IP protocol. ... Your computer network cards are linked to the same subnet. ... (microsoft.public.vb.enterprise) Re: The MSComm Error 8021 with desc.: "Application-defined or object-defined error" ... I think the MSComm control causes the error. ... The browser was unable to retrieve a list of servers from ... Your computer is running the TCP/IP protocol. ... Your computer network cards are linked to the same subnet. ... (microsoft.public.vb.general.discussion) Re: The MSComm Error 8021 with desc.: "Application-defined or object-defined error" ... I think the MSComm control causes the error. ... The browser was unable to retrieve a list of servers from ... Your computer is running the TCP/IP protocol. ... Your computer network cards are linked to the same subnet. ... (microsoft.public.vb.winapi) Re: The MSComm Error 8021 with desc.: "Application-defined or object-defined error" ... I think the MSComm control causes the error. ... The browser was unable to retrieve a list of servers from ... Your computer is running the TCP/IP protocol. ... Your computer network cards are linked to the same subnet. ... (microsoft.public.vb.syntax)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)