Freewebs.com's weak session tracking mechanism – 3 Posts

  • Freewebs.com's weak session tracking mechanism

    02/16/2007 14:41
    quangntenemy 7120
    The File Manager this web host offers uses a token to track the session. However, this token is sent to the server using a GET request, something like:

        http://fw58.members.freewebs.com/Members/fileManager.jsp?token=xxxxx

    What's even worse, when you click logout, the token isn't destroyed until it times out.
    So:
    - If you just click logout and go off somewhere else, your friend can still access it from the browsing history.
    - If you use a tracker on your page, something like eXTReMe Tracking, and accidentally access your page from the File Manager, the referer will get logged and a visitor to your site might click on that link to pwn your website :D
    - If you put a referer tracker on the google ads on the File Manager page, maybe you'll pwn whoever clicks on that link? :D

    PS: I have a website at freewebs too. Maybe it'll get pwned someday? :P
  • 02/16/2007 14:41
    alt3rn4tiv3 2940
    what a great idea!
    -starts on a mission to pwn quang's website ;)-
  • 02/16/2007 14:41
    aceldama 4340
    alternatively, if you're lazy you could always try the googledork

    site:extremetracking.com inurl:login "freewebs.com" "token="
    i'm guessing most of them are stale by now. good find. :drink4:

    [edit]
     - one could also try adding a google alert of the above-mentioned googledork and get it as soon as it happens...

     - Extreme tracker does not always log the variables that you need. pity...
    [/edit]
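
The two weaknesses described in the first post (token carried in the URL, token still valid after logout) and their server-side fixes, as an added example that is not part of the thread or Freewebs' code. The class and function names, the 15-minute idle timeout and the cookie path are assumptions.

```python
import secrets
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

IDLE_TIMEOUT = 900  # seconds; assumed value, not from the thread


class SessionStore:
    """Server-side session table: a token is valid only while it is listed here."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # token -> (user, last_seen)
        self._clock = clock

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self._sessions[token] = (user, self._clock())
        return token

    def validate(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > IDLE_TIMEOUT:
            del self._sessions[token]  # idle too long: expire
            return None
        self._sessions[token] = (user, self._clock())
        return user

    def logout(self, token):
        # Destroy the token immediately instead of waiting for the timeout,
        # so a copy left in history or a referrer log is useless afterwards.
        self._sessions.pop(token, None)


def session_headers(token):
    """Response headers that carry the token in a cookie, never in the URL."""
    cookie = f"session={token}; Path=/Members; Secure; HttpOnly; SameSite=Strict"
    return [("Set-Cookie", cookie),
            ("Referrer-Policy", "no-referrer"),  # outbound links leak no URL
            ("Cache-Control", "no-store")]


def strip_token(url, param="token"):
    """Remove a session token from a URL before it is logged or redirected to."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != param]
    return urlunsplit(parts._replace(query=urlencode(query)))
```
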