Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Recent App Test
Date: Thu Aug 19 2004 - 11:43:16 CDT
> I changed the url parameter to something like url=www.google.com and
> google appeared in my browser. Next, i changed the url to url=www.
> whatismyip.com, hoping that the ip address of the webserver would be
> displayed, however, only my ip address was displayed.
This type of script commonly used in apps where the system is counting the
number of hits to URL.
> This means that my browser is loading the url parameter as opposed
> to the webserver script fethching the url and then displaying it for
> me in my browser right? Is this a security issue?
How can this be a security issue?
> Assuming that it was the actual webserver script fetching the url
> parameter and then displaying it for me,
This is quite common too. See:
> I've come up with a few
> vulnerabilities (listed below) and was hoping that people might like
> to share some of their ideas.
Yes this can be used to view/access site that blocked by firewalls.
> 1) Can use vulnsite as a proxy (& hack other sites)
Maybe. See above.
> 2) Can port scan using the vuln site by changing url=www.website.com
> to url=www.sitetoscan.com:port
> 3) Can connect to & port scan machines behind the firewall.
Yes. If you are behind a firewall that is blocking access to a website, you
can use the above 2 mentioned URL to get the content from those sites.