Exploit Spoofing Technique Paper

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13611
Проверка EDB
  1. Пройдено
Автор
MC2_S3LECTOR
Тип уязвимости
PAPERS
Платформа
AIX
CVE
N/A
Дата публикации
2010-02-04
Код:
[+] Category	 :	Spoofing	 	
[+] Category	 :	Spoofing Technique
[+] Author 	 :	yogyacarderlink.web.id
[+] Contact	 : 	(00x0---www.yogyacarderlink.web.id
[+] date	 :	4-2-10
[+] biGthank to	 :	Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all*.indonesian like a coding,


<frame
src=”http://server/file.html”>)

(http://server/page?frame_src=http://examp
le/file.html)

replace
“frame_src” parameter value with
“frame_src=http://you.example/spoof.html”

user expected domain   example.com--->foregion data you.example.com

links can be sent to a user via email,messages, left on bulletin board post,
or forced upon users by Xss attacker. If you gets a user to visit a web
page designated by their malicious address, the user will believe he is
view authentication from address when he is not. Users will
implicitly trust the spoofed since the browser url bar
displays http://example, when in fact the underlying frame htm
is referencing http://you.example

exploits attack the trust relationship established between the
user& the web site.  The technique has been used to create fake
web pages including defacements,login acces forms, false press releases,etc

sampling:
Creating a spoofed press release. Lets say a web site use created HTML frames 
for their press release web pages.
A user would visit a link such as


(http://example/pr?pg=http://example/pl/03xxx.html). The resulting web page HTML would be:

code:

<HTML>
<FRAMESET COLS=”100, *”>
<FRAME NAME=”pl_menu” SRC=”menu.html”>
<FRAME NAME=”pl_content”
SRC=”http://example/pr/03xxx.html>
</FRAMESET>
</HTML>


“pl” web apps in samplign creates HTML with a static menu&dynamic generated frame src.
“pl_content” frame pulls its source from the URL parameter value
of “pg” to display the requested press release content. But what if an
you(attacker) altered the normal URL to
http://foo.example/pr?pg=http://attacker.example/sp
oofed_press_release.html? Without properly sanity checking
the “pg” value, the resulting HTML would be


Snippet code:
<HTML>
<FRAMESET COLS=”100, *”>
<FRAME NAME=”pl_menu” SRC=”menu.html”>
<FRAME NAME=”pl_content” SRC=”
http://you.example/spoofed_press_release.html”>
</FRAMESET>
</html>

end user you.example.com
 
Источник
www.exploit-db.com

Похожие темы