Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization

from [Markus Ackermann] Network Security [Permanent Link]
Subject: Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization
Date: Thu, 26 Aug 2004 19:32:12 +0200 
Am Mittwoch, 25. August 2004 15.14 schrieb Punabi MC:

Anonymous Surfing Via Gmail Login Window - Poor
Sanitization

User can do anonymous surfing (apart form other cool
tricks) from Gmail login window. The window is small,
still checking your mails via google is phun. :)


No way this is anonymous. The webserver still logs your IP, Referrer, Browser, 
etc... just see the two following lines from my access_log:
80.218.86.137 - - [26/Aug/2004:17:24:43 +0000] "GET / HTTP/1.1" 200 5221 
"http://www.google.ch/search?hl=de&ie=UTF-8&q=maol.ch&btnG=Google-Suche&m
eta=" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.6) Gecko/20040114"        
                                                                  
80.218.86.137 - - [26/Aug/2004:17:24:43 +0000] "GET /onebox.css HTTP/1.1" 200 
2303 "http://www.maol.ch/"; "Mozilla/5.0 (X11; U; Linux x86_64; en-US
; rv:1.6) Gecko/20040114"

Markus Ackermann.

PS: the trick requires a GMail authorized browser: 
https://gmail.google.com/gmail/browser_requirements.html
-- 
Symlink - News für die Welt http://symlink.ch/
maol symbolisch http://maol.ch/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow, Boren, Rich (SSRT)
Next by Date:  Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat
Previous by Thread:  Anonymous Surfing Via Gmail Login Window - Poor Sanitization, Punabi MC
Next by Thread:  Dynix Webpac Input Validation, Wil Allsopp
Indexes:  [Date] [Thread] [Top] [All Lists]