Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
- From: "Amit Klein (AKsecurity)" <aksecurity@xxxxxxxxxx>
- Subject: Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
- Date: Tue, 01 Aug 2006 08:55:59 +0200
Flash HTTP basic auth works nicely, e.g. authenticating as username "foo", password "bar":
var req:LoadVars=new LoadVars();
req.addRequestHeader("Authorization","Basic Zm9vOmJhcg==");
req.send("http://www.vuln.site/some/script.cgi?param1=val1&param2=val2","_blank");
So you can remotely command devices/pages that require HTTP basic auth (assuming you have the
credentials).
-Amit
On 31 Jul 2006 at 15:30, Jeremiah Grossman wrote:
>
> On Jul 31, 2006, at 4:27 PM, Amit Klein (AKsecurity) wrote:
>
> > On 31 Jul 2006 at 12:25, Jeremiah Grossman wrote:
> >
> >>
> >> Brute Forcing Basic HTTP Auth:
> >> HTTP Basic Auth has proven to be a worthy adversary when it comes to
> >> JavaScript Malware. If a target web server has a default u/p basic
> >> auth, like so many DSL routers, and the victim is running
> >> Firefox/Mozilla, you're gold. Firefox/Mozilla support the url notation
> >> (http://user:pass@host/), while Internet Explorer (IE) does not. So
> >> forcing an authenticated Basic Auth request with IE is not possible
> >> (as best we can tell).
> >
> > How about using Flash? You can then force the Authorization request
> > header (I guess - I didn't try it), a-la my "Forging HTTP request
> > headers with Flash":
> >
> > http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00069.html
> > (+ errata at http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00084.html)
>
> Hey, maybe! That's why I posted the limitations, they just might cause
> someone to become interested. I don't have the test environment set up
> to try it myself. Let us know what you find.
>
>
> Jer-
>
>
> ----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
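Added example, not part of the original thread: a defender-side check over request records that decodes the Authorization: Basic value (such as the "Zm9vOmJhcg==" shown above) and flags requests that carry a known default credential pair or arrive with an off-host Referer. The record layout, the DEFAULT_CREDS list and the sample hosts are constructed assumptions; a missing Referer is treated as unknown rather than same-site.

```python
import base64
from urllib.parse import urlsplit

# Assumption: default credential pairs the defender knows ship on their devices.
DEFAULT_CREDS = {("admin", "admin"), ("foo", "bar")}

def decode_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def flags(request):
    """Return the reasons a Basic-auth request record deserves review."""
    creds = decode_basic(request.get("authorization"))
    if creds is None:
        return []
    reasons = []
    if creds in DEFAULT_CREDS:
        reasons.append("default-credentials")
    # Compare the Referer host with the Host header (port stripped, no IPv6 handling).
    ref_host = urlsplit(request.get("referer") or "").hostname
    own_host = request["host"].split(":")[0].lower()
    if ref_host is not None and ref_host != own_host:
        reasons.append("cross-site-referer")
    return reasons

def _basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample records (hypothetical hosts and values).
SAMPLE = [
    {"host": "192.168.1.1", "referer": "http://other-site.example/page.html",
     "authorization": "Basic Zm9vOmJhcg=="},
    {"host": "192.168.1.1", "referer": "http://192.168.1.1/status",
     "authorization": _basic("operator", "unique-passphrase")},
    {"host": "192.168.1.1", "referer": None, "authorization": "Basic Zm9vOmJhcg=="},
    {"host": "192.168.1.1", "referer": None, "authorization": "Basic !!notbase64"},
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(record["host"], record["referer"], flags(record))
```

Any record flagged "default-credentials" points at a device whose Basic auth offers no protection against a forged request; changing the credential is the fix, and the Referer check is only a supporting signal.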