[ale] Security hole in netscape

Zot O'Connor zot at ZotConsulting.com
Sat Oct 10 09:56:41 EDT 1998


These are particularly scary as it makes JavaScript look more like
ActiveX.  I tested this under Windows NT and Linux.  It makes for a
very good argument to not run as root or admin!  I assume that Netscape
is installed suid for any reason (of course under NT....)


http://www.shout.net/~nothing/son-of-cache-cow/

The problem is that it's still possible to inject foreign JavaScript
code into arbitrary documents. This has numerous evil applications. To
illustrate some of them, I've written four exploitative programs. Follow
the links to see the program source. 

cookie-monster.cgi will steal cookies from arbitrary locations; this is
very bad since cookies have been widely deployed for authentication
purposes. The script will prompt you for a URL, and retrieve all cookies
issued to you by that site. 

file-list.cgi will steal the contents of a local directory on your hard
drive. The script will prompt you for a directory name, and retrieve the
names of all the files contained in it. 

cache-cow-4.07.cgi will steal the contents of your cache. It has
precisely the same effect as the exploit announced last week.


-- 
Zot O'Connor

www.ZotConsulting.com
www.WhiteKnightHackers.com
