OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Adam Young (adam_at_vbfx.com)
Date: Fri Sep 27 2002 - 06:46:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Thu, 26 Sep 2002 15:51:47 -0400 (EDT)
    Troy Ablan <bugtraqpinchaser.com> wrote:

    > Question 1: Is there a way a web page can add a buddy to your AIM list
    > without your knowledge?

            With "aim:" identifier, they can theoretically add a new buddy to your list.
    Though they have to 'trick' you into clicking the "AIM Link".
            ex. aim:addbuddy?screenname=FOO&group=BAR

    > Question 2: How was I prevented from viewing the source of the HTML page
    > in IE?

            You should always be able to view source. Perhaps not through the menu's, but
    prepend the URL with "view-source:" and you'll have no problems.
            eg. "view-source:http://www.foo-bar.com/"

    > I wgetted the psecure20x-cgi-install.version6.01.bin.hx.com file as well
    > for anyone who wants to look at it, just in case the above link does not
    > work any more.
    >
    >
    > -- BEGIN SOURCE --
    >
    > <html><head><title>Browser Plugin Requried</title><meta
    > http-equiv="refresh" content="1;
    > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Browser
    > Plugin Required:</h1><br>You may need to restart your browser for changes
    > to take affect.<br>Security Certificate by <a
    > href="http://www.verisign.com">Verisign</a> 2002.<br>MD5:
    > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
    > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose
    > "Run" to install.</body></html>
    >
    > -- END SOURCE --

            What would be more interesting is to find out what the ".com" file's source is.
     The above just tells me that after 1 second, it sends a refresh to the file in
    question and through some sort of social engineering (I suppose you could say)
    tactics, tries to get the user to run it.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9lEUXUanLvazj+VgRAnp3AJ9IZDZ6zKpxg8yAQ58M4ZrEGLM/RQCfSUmX
    d/bqTFdBjRPOhxowYhg8p8A=
    =/x1t
    -----END PGP SIGNATURE-----

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com