|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: BrownOrifice can break firewalls! NOW MSIE
From: Alexey Yarovinsky (ayarovin
OLTRES.COM)Date: Sun Aug 20 2000 - 02:55:59 CDT
- Next message: Kyong-won Cho: "[HackersLab bugpaper] HP-UX net.init rc script"
- Previous message: secureCONECTIVA.COM.BR: "Conectiva Linux Security Announcement - Zope"
- In reply to: Greulich, Andreas: "BrownOrifice can break firewalls!"
- Next in thread: TAKAGI, Hiromitsu: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Reply: Alexey Yarovinsky: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Reply: TAKAGI, Hiromitsu: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
The same security hole, exists in MSIE too, with one restriction: url can't
start with file:. But still the applet from outside site, can access you
intranet servers including ftps and ALL sites you have access to. The
demonstration of the bug is here:
Thanx, Alexey.
PS: The applet was tested on WinNT 4.0sp5 with Internet Explorer both 5 and 5.5
versions.
- Next message: Kyong-won Cho: "[HackersLab bugpaper] HP-UX net.init rc script"
- Previous message: secureCONECTIVA.COM.BR: "Conectiva Linux Security Announcement - Zope"
- In reply to: Greulich, Andreas: "BrownOrifice can break firewalls!"
- Next in thread: TAKAGI, Hiromitsu: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Reply: Alexey Yarovinsky: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Reply: TAKAGI, Hiromitsu: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]