Bugtraq mailing list archives
Re: HTML Form Protocol Attack
From: Jim Paris <jim () jtan com>
Date: Wed, 15 Aug 2001 23:04:49 -0400
You're right, after attempting again I managed to get it to log in to my FTP server, but ftp was not the best protocol to try it on considering the way data back from the server is sent, which there's no way of fiddling.
I'm not sure what you mean by this, but:

USER <SCRIPT>alert("hi")</SCRIPT>
331 Password required for <SCRIPT>alert("hi")</SCRIPT>.

You can pretty easily get arbitrary text sent back to the browser (with other protocols too, I'm sure), so you could pass back JavaScript that would go and interpret the text of the returned document, causing your victim's web browser to suddenly become quite intelligent and useful for future connections..

I can see it now..

1) Victim behind a firewall visits a webpage.
2) Victim's browser connects to an internal anonymous FTP server
3) Victim's browser walks the directory tree, downloads files, and dumps their contents back to the original webpage.

Whee.

-jim
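
Added example, not part of the original post: a defensive sketch of an FTP-style control-channel handler that does not reflect the USER argument the way the 331 reply above does. The function names, the username allow-list, and the rule of closing the connection when a line looks like HTTP are assumptions made for illustration, and the sample sessions are constructed.

```python
import re

# Assumption: lines a browser sends first when an HTML form is submitted
# to a non-HTTP port (an HTTP request line or a common request header).
HTTP_LINE = re.compile(
    r"(?:(?:GET|POST|HEAD|PUT|OPTIONS)\s+\S+\s+HTTP/\d\.\d"
    r"|(?:Host|User-Agent|Content-Type|Content-Length|Referer|Cookie):)",
    re.IGNORECASE,
)
# Assumption: usernames outside this allow-list are never echoed back.
SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def looks_like_http(line: str) -> bool:
    """True when a control-channel line starts like an HTTP request."""
    return HTTP_LINE.match(line.strip()) is not None


def reply_for_user(argument: str) -> str:
    """Build the 331 reply without reflecting markup from the client."""
    if SAFE_USER.fullmatch(argument):
        return f"331 Password required for {argument}."
    return "331 Password required."


def handle_control_lines(lines):
    """Return (replies, closed) for a sequence of control-channel lines."""
    replies = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if looks_like_http(line):
            # The peer is a web browser, not an FTP client: stop talking.
            replies.append("421 Closing control connection.")
            return replies, True
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            replies.append(reply_for_user(arg))
        else:
            # Do not echo the unknown command text either.
            replies.append("500 Command not understood.")
    return replies, False


# Constructed sample sessions (not captured traffic).
BROWSER_SESSION = ["POST / HTTP/1.0\r\n", "Host: 10.0.0.5\r\n",
                   'USER <SCRIPT>alert("hi")</SCRIPT>\r\n']
CLIENT_SESSION = ["USER anonymous\r\n"]
REFLECT_ATTEMPT = ['USER <SCRIPT>alert("hi")</SCRIPT>\r\n']
```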