Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"

from [Amit Klein (AKsecurity)] Network Security [Permanent Link]
Subject: Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Date: Wed, 26 Jul 2006 21:42:42 +0200 
Hi

A reader going by the nickname "xeek" pointed out to me that 
the examples in the paper making use of the HTTP GET request
do not work as-is (thanks xeek!). After looking at the matter,
I realized that I made a silly mistake. In my research, I
toyed with the LoadVars.send() method with 2 arguments 
(url and target window), and had Flash automatically 
select the appropriate methd (GET if empty body, POST if
non-empty body). The exploit works fine this way. When I 
documented my findings, I decided to explicitly add the HTTP
method, to clarify the write-up. BIG mistake - turns out
that in such case, Flash doesn't send the headers if GET is
used (sounds like a bug...). And pity I didn't verify the exact
code I used in the write-up...

Anyway, to summarize - there's a mistake in the document, 
and it's easily fixed. In each GET example, simply remove
the explicit method (i.e. delete all instances of ,"GET" in
the write-up). For example (the first example in the paper):

[...]
req.send("http://www.vuln.site/some/page.cgi?p1=v1&p2=v2";,
         "_blank");

This works as advertised, and as also verified by xeek.

Thanks, and sorry for the mistake,
-Amit
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  EzUpload multi file vulnerabilities, hack2prison
Next by Date:  Zyxel Prestige 660H-61 Cross-Site Scripting, jose . palanco
Previous by Thread:  Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
Next by Thread:  Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", 3CO
Indexes:  [Date] [Thread] [Top] [All Lists]