- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13611
- Проверка EDB
-
- Пройдено
- Автор
- MC2_S3LECTOR
- Тип уязвимости
- PAPERS
- Платформа
- AIX
- CVE
- N/A
- Дата публикации
- 2010-02-04
Код:
[+] Category : Spoofing
[+] Category : Spoofing Technique
[+] Author : yogyacarderlink.web.id
[+] Contact : (00x0---www.yogyacarderlink.web.id
[+] date : 4-2-10
[+] biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all*.indonesian like a coding,
<frame
src=”http://server/file.html”>)
(http://server/page?frame_src=http://examp
le/file.html)
replace
“frame_src” parameter value with
“frame_src=http://you.example/spoof.html”
user expected domain example.com--->foregion data you.example.com
links can be sent to a user via email,messages, left on bulletin board post,
or forced upon users by Xss attacker. If you gets a user to visit a web
page designated by their malicious address, the user will believe he is
view authentication from address when he is not. Users will
implicitly trust the spoofed since the browser url bar
displays http://example, when in fact the underlying frame htm
is referencing http://you.example
exploits attack the trust relationship established between the
user& the web site. The technique has been used to create fake
web pages including defacements,login acces forms, false press releases,etc
sampling:
Creating a spoofed press release. Lets say a web site use created HTML frames
for their press release web pages.
A user would visit a link such as
(http://example/pr?pg=http://example/pl/03xxx.html). The resulting web page HTML would be:
code:
<HTML>
<FRAMESET COLS=”100, *”>
<FRAME NAME=”pl_menu” SRC=”menu.html”>
<FRAME NAME=”pl_content”
SRC=”http://example/pr/03xxx.html>
</FRAMESET>
</HTML>
“pl” web apps in samplign creates HTML with a static menu&dynamic generated frame src.
“pl_content” frame pulls its source from the URL parameter value
of “pg” to display the requested press release content. But what if an
you(attacker) altered the normal URL to
http://foo.example/pr?pg=http://attacker.example/sp
oofed_press_release.html? Without properly sanity checking
the “pg” value, the resulting HTML would be
Snippet code:
<HTML>
<FRAMESET COLS=”100, *”>
<FRAME NAME=”pl_menu” SRC=”menu.html”>
<FRAME NAME=”pl_content” SRC=”
http://you.example/spoofed_press_release.html”>
</FRAMESET>
</html>
end user you.example.com
- Источник
- www.exploit-db.com