On Thu, 2002-02-07 at 08:40, Mark Renouf wrote:
> obscure wrote:
> FYI: Mozilla 0.9.8+ gives an alert:
> "Access to the port number given has been disabled for security reasons."

this is one of those ancient netscape-isms. there are certain ports that you've never been able to connect to. While i can't seem to find an exact list anywhere, i did find this in some iplanet docs, and i assume this is implemented the same way in the mozilla core:

"To avoid protocol spoofing by rogue/misconfigured URLs, iPlanet Web Proxy Server does not allow clients to connect on certain reserved ports. If using an HTTP URL, the client may not configure the URL to use the following ports: 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 23, 25, 37, 42, 43, 53, 70, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 135, 143, 389, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 601, 6000"

http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/resport.htm

also (just for grins), i tried something similar with apache (since port 80 is ok):

[jon@opiate jon]$ nc localhost 80
GET /<script>alert(document.cookie)</script> HTTP/1.0

HTTP/1.1 404 Not Found
<--snip-->
<H1>Not Found</H1>
<--snip-->
The requested URL /<script>alert(document.cookie)</script> was not found on this server.<P>
<HR>

i also tested with squid (notice port 3128 isn't in the blocked list):

HTTP/1.0 400 Bad Request
<--snip-->
While trying to retrieve the URL: <A HREF="/<script>alert(document.cookie)</script>">/<script>alert(document.cookie)</script></A>
<--snip-->

both of them encoded the <>'s.

and finally, i tried with iis. i got back an error page that made no mention of the url i requested.

there are a lot of other services on the web that may or may not echo back commands though, so i bet there are more versions of this same exploit.
-jon -- jonat_private || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
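The two checks the post describes, as an added example (not code from the post, from iPlanet or from Mozilla): a Netscape/iPlanet-style reserved-port filter using the port list quoted above, and a classifier that inspects an error page to see whether it echoes the requested URL raw, encoded, or not at all. The response bodies below are constructed to mirror the Apache, Squid and IIS behaviour the post reports; function names are my own.

```python
import html
from urllib.parse import urlsplit, quote

# Reserved ports from the iPlanet proxy docs quoted in the post (verbatim list).
BLOCKED_PORTS = frozenset({
    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 23, 25, 37, 42, 43, 53, 70, 77, 79,
    87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 135, 143,
    389, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 601, 6000,
})
DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_port(url: str) -> int:
    """Port an HTTP(S) client would actually open for this URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    return parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]


def is_port_allowed(url: str) -> bool:
    """Netscape/iPlanet-style rule: refuse URLs aimed at a reserved port."""
    return effective_port(url) not in BLOCKED_PORTS


def reflection_status(request_path: str, body: str) -> str:
    """How an error page echoes the requested path.

    'raw'     -> path appears verbatim, markup intact (script would run)
    'encoded' -> only an HTML-entity or percent-encoded form appears (safe)
    'none'    -> the page does not mention the path at all (IIS behaviour)
    """
    if request_path in body:
        return "raw"
    encoded_forms = (html.escape(request_path, quote=False),
                     html.escape(request_path, quote=True),
                     quote(request_path, safe="/"))
    if any(form in body for form in encoded_forms):
        return "encoded"
    return "none"


# Constructed sample bodies modelled on the servers tested in the post.
PATH = "/<script>alert(document.cookie)</script>"
APACHE_404 = ("<H1>Not Found</H1>The requested URL "
              + html.escape(PATH, quote=False) + " was not found on this server.<P>")
SQUID_400 = ('While trying to retrieve the URL: <A HREF="' + html.escape(PATH)
             + '">' + html.escape(PATH, quote=False) + "</A>")
IIS_ERROR = "<H1>The page cannot be found</H1>"
NAIVE_ECHO = "<H1>Not Found</H1>The requested URL " + PATH + " was not found."
```

`reflection_status` only recognises the encodings it knows about, so a page that reflects the path in some other transformed form is reported as 'none' and should be reviewed by hand.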
This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 14:03:34 PST