ILLC

From: Hugo (overclocking_a_la_abuelaat_private)
Date: Thu Mar 06 2003 - 04:35:23 PST

Next message: Luciano Miguel Ferreira Rocha: "Re: Siemens *35 and 45 series phones SMS Danial of Service"

Previous message: Ricardo Núñe: "[Full-Disclosure] Re: [RHSA-2003:062-11] Updated OpenSSL packages fix timing attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) We would like to clarify some points on our previous post about Inverse Lookup Log Corruption. "ILLC" has nothing to do with CERT advisory "CA-2000-02" (http://www.cert.org/advisories/CA-2000-02.html). With our technique an attacker can spoof the IP on web server logs...(completely on Iplanet and partially on Apache). Moreover an attacker can also hide requests on the Iplanet log analyzer (with the "format=" prefix on it's hostname)... This allowed us to show 7 new different bugs: -Partial log IP spoofing on Apache (ILLC) -Full IP spoofing on Iplanet (ILLC) -Full hiding requests on Iplanet (ILLC) -XSS on Iplanet Log Analyzer (ILLC) -XSS on WebTrends (XSS in HostName) -XSS on Surfstats (XSS in HostName) -XSS on Webexpert (XSS in HostName) While playing around with log analyzers, we also found other 2 XSS bugs (these ones exploiting CERT advisory "CA-2000-02" ) -XSS on LoganPro (XSS in UserAgent) -XSS on Webexpert (XSS in UserAgent) Regards, Hugo Vázquez Caramés & Toni Cortés Martínez Infohacking Research 2001-2003 Barcelona Spain

Next message: Luciano Miguel Ferreira Rocha: "Re: Siemens *35 and 45 series phones SMS Danial of Service"
Previous message: Ricardo Núñe: "[Full-Disclosure] Re: [RHSA-2003:062-11] Updated OpenSSL packages fix timing attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 09:14:41 PST