http://blog.skeptikal.org/2010/09/cross-subdomain-session-fixation.html

By Mike Bailey
skeptikal.org
September 2, 2010

Last fall I wrote a bit about cross-subdomain cookie attacks. As often as I come across more uses for them, I think that they are a much more serious issue than most people (myself included) have made them sound. Today, I came across a variant which I'd theorized about in the past, but never bothered to find in the wild, and I think it merits some attention.

You may be familiar with Hack Is Wack - a stupid marketing campaign from Norton/Symantec. The premise is simple: users submit videos, which are voted on, and the winner gets to roll with Snoop Dogg...'s manager.

You may not know it, but most of Snoop's music is information security-related. "What's My Name" is about AuthN, "Drop it like it's Hot" is about SQL injection, not to mention constant references to cron, gzip, and other unix commands in his lyrics. It's really a pretty natural match.

At any rate, the Hack is Wack site is chock full of holes. For example, there's the publicly available, indexed cache directory with all that SQL, JSON and other data. There's the XSS vulns (HTML5 only, though it should be simple enough to rewrite), CSRF holes, and the Flash upload issues in the video upload script (a Joomla module that appears to have been used without any quality control or review despite the fact that it's currently in Alpha)

[...]

Received on Thu Sep 02 2010 - 23:28:55 PDT