Bugtraq mailing list archives
Re: HTML Form Protocol Attack
From: Sevo Stille <sevo () ip23 net>
Date: Thu, 16 Aug 2001 00:58:09 +0200
Barnaby Gray wrote:
I tried this out on mozilla, lynx and netscape (all linux) and got the following results: mozilla 0.9.1 Pops up message: "Access to the port number given has been disabled for security reasons."
For ports below 80. There are a lot of other potentially vulnerable services above 80. pop3 in particular is used by the largest German ISP without password authentication (users are authenticated through their temporary IP address and associated Radius information), so the described pop3 deletion attacks against their users email would very trivial.
When I tried to get it to connect to ftp (port 21) - however if you add 65536 to this value, so try submitting the form to 65557 it doesn't complain and will connect to port 21,
Which opens the remaining ports...
but gets stuck halfway through the transmission, without submitting the evil data.
Not stuck - unless you send a carefully crafted form faking a ftp session, the ftp server would be waiting for some valid ftp commands to roll in.
Sevo -- Sevo Stille sevo () ip23 net
Current thread:
- HTML Form Protocol Attack Jochen Topf (Aug 15)
- Re: HTML Form Protocol Attack Barnaby Gray (Aug 15)
- Re: HTML Form Protocol Attack Jesse Ruderman (Aug 15)
- Re: HTML Form Protocol Attack Sevo Stille (Aug 15)
- Re: HTML Form Protocol Attack Barnaby Gray (Aug 15)
- Re: HTML Form Protocol Attack Jim Paris (Aug 15)
- Re: HTML Form Protocol Attack Barnaby Gray (Aug 16)
- Re: HTML Form Protocol Attack Mark van Walraven (Aug 16)
- Re: HTML Form Protocol Attack Gustavo Molina (Aug 15)
- Re: HTML Form Protocol Attack Barnaby Gray (Aug 15)
- RE: HTML Form Protocol Attack Bennett Samowich (Aug 16)
- <Possible follow-ups>
- RE: HTML Form Protocol Attack Bennett Samowich (Aug 18)