|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kanatoko (anvil
jumperz.net)
Date: Tue Oct 02 2007 - 21:28:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It seems that the java applet located on the host A is allowed to
connect to the host B using HTTP 302 redirection on the host B.
Is it a normal behaviour?
PoC:
http://www.jumperz.net/exploits/appletTest1.jsp
host A: www.gyosatu.com
host B: www.jumperz.net
In this PoC, the java applet is downloaded from www.gyosatu.com and
connects to www.jumperz.net port 1111.
Use "tcpdump port 1111" to see the packets.
--
Kanatoko<anviljumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]