Jun 21st, 2008, 7:22 am
Sandro Gauci, founder of EnableSecurity, has revealed that, six years on from his 2002 report into extended HTML form attacks, the problem has simply refused to go away.
The original report included details of how attackers could abuse non-HTTP protocols in order to launch Cross Site Scripting attacks, even in a situation where the target web application was not itself vulnerable to XSS. This applied to most web browsers at the time. Now, he says, not much has changed.
"Six years later I’m releasing an update to this research in this paper. This security vulnerability still affects popular web browsers nowadays."
Gauci lists the following browsers as all being tested and vulnerable:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8 (beta 1)
- Opera 9.27
- Opera 9.50
- Safari 1.32
- Safari 3.1.1

Of course, it is not that the vulnerabilities have just been ignored, but rather that these browsers have not managed to make it go away completely. The problem seems to lie with how they block ports, and how attackers exploit browser blacklists by using ports which are not on them.
Gauci concedes that a decent job has been done as far as the web forms which get exchanged with HTML servers are concerned, but not when we start talking about FTP, SMTP or any other non-HTTP server.
"When an attacker can control what is returned by the server, the victim becomes vulnerable to security issues," Gauci says.
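The blacklist weakness described above, as an added example that is not from Gauci's paper or this blog entry: it audits the form targets in a page under a port denylist and under an allowlist, and reports the ports that only the denylist lets through. The port sets, function names, sample HTML and hosts are all constructed for illustration.

```javascript
// Added example: audit form targets under a port denylist versus an allowlist.
// DENYLIST is a constructed sample, not any browser's real blocked-port list.
const DENYLIST = new Set([21, 25, 110, 143]); // FTP, SMTP, POP3, IMAP
const ALLOWLIST = new Set([80, 443]);          // standard web ports only
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// Pull action attributes out of <form> tags (quoted values only).
function formActions(html) {
  const re = /<form\b[^>]*\baction\s*=\s*["']([^"']*)["']/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// Effective port of an absolute or relative action; null for non-HTTP(S) schemes.
function effectivePort(action, baseUrl) {
  const url = new URL(action, baseUrl);
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  return url.port === "" ? DEFAULT_PORTS[url.protocol] : Number(url.port);
}

// Evaluate every form on the page under both policies.
function auditForms(html, baseUrl) {
  return formActions(html).map((action) => {
    const port = effectivePort(action, baseUrl);
    return {
      action,
      port,
      denylistAllows: port !== null && !DENYLIST.has(port),
      allowlistAllows: port !== null && ALLOWLIST.has(port),
    };
  });
}

// Ports the denylist lets through but the allowlist rejects.
function policyGaps(html, baseUrl) {
  return auditForms(html, baseUrl)
    .filter((r) => r.denylistAllows && !r.allowlistAllows)
    .map((r) => r.port);
}

// Constructed sample page; hosts are placeholders.
const SAMPLE_HTML = `
<form action="/search" method="get"></form>
<form action="http://mail.example.test:25/" method="post"></form>
<form action="http://mail.example.test:587/" method="post"></form>
<form action="http://files.example.test:2121/" method="post"></form>`;
const SAMPLE_BASE = "https://app.example.test/";

console.log(auditForms(SAMPLE_HTML, SAMPLE_BASE));
console.log("denylist gaps:", policyGaps(SAMPLE_HTML, SAMPLE_BASE));
```

A denylist has to enumerate every port that could host a non-HTTP service, while the allowlist rejects anything it does not name, so the two unlisted ports in the sample are caught only by the second policy.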
This blog entry was written by Davey Winder, staff writer aka happygeek.