Redirection obfuscation in FF and NS

by RSnake

  ID and I were playing around with some weird redirection
obfuscation and came across these a few days ago (works in latest
version of Firefox and Netscape on untrusted site settings).  Sorry that
this is a little ho-hum but it's probably worth documenting:

  http://www.visa.com@rsnake

  and

  http://rsnake:www.visa.com

  This seems like something that could confuse users.  This is the
same old "feeling lucky" stuff built into browsers.  Not so much a hack
as just confusing behavior to users which could lead to unintended
redirection and potentially more successful phishing attacks.  This
relies on being the #1 page rank in something, but that is pretty easy
with obscure search terms.

-RSnake http://ha.ckers.org/xss.html

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------


Re: Redirection obfuscation in FF and NS

by Lou Cipher
>        http://www.visa.com@rsnake
>        and
>        http://rsnake:www.visa.com

Deja Vu....

hmm. this is pretty old stuff.

MS fixed it in 2005 in their browsers.
See
http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15



Re: Redirection obfuscation in FF and NS

by RSnake

  This actually isn't using the username:password@ trick (which
pops up a warning in Firefox).  This is using a malformed URL which is
then sent through Firefox's search engine.  Slightly different, but same
effect, assuming you own the search term.

On Mon, 20 Mar 2006, Saqib Ali wrote:

>>        http://www.visa.com@rsnake
>>        and
>>        http://rsnake:www.visa.com
>
> Deja Vu....
>
> hmm. this is pretty old stuff.
>
> MS fixed it in 2005 in their browsers.
> See
> http://support.microsoft.com/default.aspx?scid=kb;[LN];834489
>
> --
> Saqib Ali, CISSP
> http://www.xml-dev.com/blog/
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
>


-R
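As an added example (not code from the thread), here is a Python check that a mail gateway or link scanner could run to flag the two URL shapes RSnake describes: the `brand@host` form, where everything before the `@` is parsed as credentials rather than the destination, and the `host:non-numeric` form whose malformed port some browsers hand to their keyword-search fallback instead of rejecting. The brand watch-list, the finding codes and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed watch-list of brand hostnames a lure might display (illustrative).
WATCHED_BRANDS = {"visa.com", "www.visa.com", "microsoft.com", "www.microsoft.com"}

# Finding codes and what each means for the person reading the alert.
EXPLANATIONS = {
    "userinfo": "text before '@' is treated as credentials, not as the destination host",
    "brand-in-userinfo": "the credentials part spells a watched brand; classic address spoof",
    "bad-port": "port is not numeric; some browsers hand the string to keyword search",
    "implausible-host": "host has no dot or non-hostname characters; 'feeling lucky' fixup likely",
}

def plausible_public_host(host):
    """True if host looks like a dotted hostname made of letters, digits and hyphens."""
    if not host or "." not in host:
        return False
    return all(label and label.replace("-", "").isalnum() for label in host.split("."))

def inspect_url(url):
    """Return sorted finding codes for one URL; an empty list means it parsed cleanly
    and points at a plausible host. Only http(s) URLs are examined."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return []
    findings = set()
    # http://www.visa.com@rsnake -> username 'www.visa.com', hostname 'rsnake'
    if parts.username is not None:
        findings.add("userinfo")
        if parts.username.lower() in WATCHED_BRANDS:
            findings.add("brand-in-userinfo")
    # http://rsnake:www.visa.com -> port 'www.visa.com' cannot be cast to an integer
    try:
        parts.port
    except ValueError:
        findings.add("bad-port")
    if not plausible_public_host(parts.hostname):
        findings.add("implausible-host")
    return sorted(findings)

if __name__ == "__main__":
    for u in ("http://www.visa.com@rsnake", "http://rsnake:www.visa.com",
              "http://www.microsoft.com@_", "https://www.visa.com/"):
        codes = inspect_url(u)
        print(u, "->", codes or "clean")
        for c in codes:
            print("   ", EXPLANATIONS[c])
```

The useful signal for a reviewer is the last column: the host the browser will actually resolve (or search for) is what should be shown to the user, not the brand text in front of the `@`.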



Re: Redirection obfuscation in FF and NS

by Lou Cipher
These guys are lucky:
http://www.archives.gov/federal-register/cfr/ibr-locations.html

Try the following URL:
http://www.microsoft.com@_
It should take you to the National Archives website :)


On 3/20/06, RSnake <rsnake@...> wrote:

>
>         This actually isn't using the username:password@ trick (which
> pops up a warning in Firefox).  This is using a malformed URL which is
> then sent through Firefox's search engine.  Slightly different, but same
> effect, assuming you own the search term.
>
> On Mon, 20 Mar 2006, Saqib Ali wrote:
>
> >>        http://www.visa.com@rsnake
> >>        and
> >>        http://rsnake:www.visa.com
> >
> > Deja Vu....
> >
> > hmm. this is pretty old stuff.
> >
> > MS fixed it in 2005 in their browsers.
> > See
> > http://support.microsoft.com/default.aspx?scid=kb;[LN];834489
> >
> > --
> > Saqib Ali, CISSP
> > http://www.xml-dev.com/blog/
> > "I fear, if I rebel against my Lord, the retribution of an Awful Day
> > (The Day of Resurrection)" Al-Quran 6:15
> >
>
>
> -R
>


--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
