
[WEB SECURITY] The true power of cache



Hello participants of the Mailing List.

As I wrote last week in my article The true power of cache (http://websecurity.com.ua/3907/), the cache of search engines can be a useful tool in skilful hands. There are many possibilities for hackers to use the cache.

Possibilities of the cache of search engines:

1. Searching for vulnerabilities of the site in the cache.
2. Searching for vulnerabilities of the site in snippets.
3. No records in the site's logs.
4. Bypassing restrictions on access to the site.
5. Existence of vulnerabilities in the cache itself.
6. It's always possible to retrieve information from the site.
7. Finding out the last time the site was working.
8. Finding out the time when the site was hacked.
9. Malware spreading.

Searching for vulnerabilities of the site in the cache.

It's possible to find vulnerabilities of the site in the cache of a search engine, e.g. Full path disclosure and other Information Leakage vulnerabilities which were already fixed at the site. In particular, I found such a vulnerability at www.stat24.com.ua (http://websecurity.com.ua/1939/).

I.e. the cache allows bypassing this fixing of vulnerabilities (for some time). So it's better not to allow information leakages ;-), because even fixing the holes will not help immediately; it'll also be necessary to wait for the cache in search engines to update. Such a case took place at Twitter (http://websecurity.com.ua/3283/).

Searching for vulnerabilities of the site in snippets.

It's possible to find vulnerabilities of the site in the snippets of a search engine (data from the cache which is shown in search results), e.g. Full path disclosure and other Information Leakage vulnerabilities which were already fixed at the site.

No records in the site's logs.

If it's needed to get information from the site, but you don't want to leave records in the logs (about visiting the site), then it's possible to get the information from the cache, and so leave no trace. But this is only possible with graphics and plugins turned off (or using Google's "text" cache), so that there will be no referrers from the search engine's cache when accessing images and other embedded files which are placed at the site.

Bypassing restrictions on access to the site.

If access to the site is restricted for you (by IP), but access is allowed for bots of search engines, then it's possible to get information from the search engine's cache.

Existence of vulnerabilities in the cache itself.

Also there can be vulnerabilities in the cache of search engines itself. In particular, I found an XSS vulnerability in Yandex (http://websecurity.com.ua/1698/) which took place in the cache of the search engine.

It's always possible to retrieve information from the site.

It's possible to retrieve information from the site even if it doesn't work at the moment (stopped working completely or temporarily, e.g. as a result of an attack).

Finding out the last time the site was working.

When the site has stopped working (e.g. as a result of a DDoS attack), it's possible to find out with the help of the cache when the bot of a search engine, e.g. Google, last came to the site, and thereby the last time the site was working.

Finding out the time when the site was hacked.

For my research on hacked sites (http://websecurity.com.ua/3897/) I'm using Google, and then in the cache of the search engine I find out the date when the site was hacked. And even if the admins of the site have already removed the defacement, I'll still reveal via the cache that the site was hacked.

Malware spreading.

If a search engine puts in its cache a page of the site with malware, then everyone who visits this cached page will be attacked, just as when visiting the site itself. And it'll be possible, e.g. to send links to the search engine's cache by email, using its name to increase the number of people who will follow these links.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
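The cache-forensics points in the post above (spotting an already-fixed Full path disclosure in a cached copy, and dating the last clean and first defaced snapshot) as an added Python example. This is not MustLive's code or tooling. The "This is Google's cache of ... as it appeared on ..." banner format, the PHP-warning markup used to detect path leaks, the defacement keywords and the two sample cached pages are all assumptions or constructed data for the example, not anything quoted in the post.

```python
import re
from datetime import datetime, timezone

# Assumed banner wording of Google's cache pages (assumption of this example).
BANNER_RE = re.compile(
    r"This is Google's cache of (?P<url>\S+?)\. It is a snapshot of the page "
    r"as it appeared on (?P<date>\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) GMT"
)

# PHP-style notices that embed the script's filesystem path (Full path disclosure).
FPD_RE = re.compile(
    r"<b>(?:Warning|Notice|Fatal error)</b>:.*? in <b>(?P<path>/[^<]+)</b>"
    r" on line <b>(?P<line>\d+)</b>",
    re.S,
)

# Crude defacement indicators; a real scan would use a larger, tuned list.
DEFACE_MARKERS = ("hacked by", "defaced by", "owned by")

# Constructed sample cached pages (not real captures): one leaking a path while
# the site still had the bug, and a later one showing a defacement the live site
# no longer carries.
SAMPLE_CACHED_PAGES = [
    """<div>This is Google's cache of http://www.example.com/index.php. It is a snapshot of the page as it appeared on 12 Mar 2010 05:14:33 GMT.</div>
<html><body><b>Warning</b>: mysql_connect(): Access denied in <b>/home/example/public_html/index.php</b> on line <b>17</b>
<p>Welcome to Example</p></body></html>""",
    """<div>This is Google's cache of http://www.example.com/. It is a snapshot of the page as it appeared on 20 Mar 2010 18:02:10 GMT.</div>
<html><body><h1>Hacked by SomeCrew</h1></body></html>""",
]


def parse_banner(html):
    """Return (cached URL, snapshot time as aware UTC datetime) or None."""
    m = BANNER_RE.search(html)
    if not m:
        return None
    when = datetime.strptime(m.group("date"), "%d %b %Y %H:%M:%S")
    return m.group("url"), when.replace(tzinfo=timezone.utc)


def find_full_path_disclosures(html):
    """Return [(absolute path, line number)] for every PHP notice in the page."""
    return [(m.group("path"), int(m.group("line"))) for m in FPD_RE.finditer(html)]


def looks_defaced(html):
    """Strip tags and look for defacement keywords in the visible text."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return any(marker in text for marker in DEFACE_MARKERS)


def analyse_cached_page(html):
    """Bundle the three checks for one cached copy."""
    banner = parse_banner(html)
    return {
        "url": banner[0] if banner else None,
        "snapshot": banner[1] if banner else None,
        "leaks": find_full_path_disclosures(html),
        "defaced": looks_defaced(html),
    }


def compromise_window(pages):
    """Return (last clean snapshot, first defaced snapshot) across cached copies.

    Pages without a parseable banner are ignored; either bound may be None.
    """
    results = [r for r in (analyse_cached_page(p) for p in pages) if r["snapshot"]]
    last_clean = max((r["snapshot"] for r in results if not r["defaced"]), default=None)
    first_defaced = min((r["snapshot"] for r in results if r["defaced"]), default=None)
    return last_clean, first_defaced


if __name__ == "__main__":
    for page in SAMPLE_CACHED_PAGES:
        print(analyse_cached_page(page))
    print("compromise window:", compromise_window(SAMPLE_CACHED_PAGES))
```

The snapshot date is the only timestamp you get for free: it bounds the last crawl (the site was up and serving this content then), and comparing a clean snapshot against a defaced one gives a window for the intrusion even after the admins have cleaned up the live site. Fetching the cached copies themselves is left out so the block runs offline; feed it the HTML you save from the cache pages.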



---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


