Fw: ILLC
Niki Guldbrand
nikig at vip.cybercity.dk
Fri Mar 7 10:30:42 GMT 2003
Begin forwarded message:
Date: 6 Mar 2003 12:35:23 -0000
From: Hugo "VXzquez" "CaramXs" <overclocking_a_la_abuela at hotmail.com>
To: bugtraq at securityfocus.com
Subject: ILLC
We would like to clarify some points on our previous post about Inverse
Lookup Log Corruption.
"ILLC" has nothing to do with CERT advisory "CA-2000-02"
(http://www.cert.org/advisories/CA-2000-02.html). With our technique an
attacker can spoof the IP on web server logs...(completely on Iplanet and
partially on Apache). Moreover an attacker can also hide requests on the
Iplanet log analyzer (with the "format=" prefix on it's hostname)...
This allowed us to show 7 new different bugs:
-Partial log IP spoofing on Apache (ILLC)
-Full IP spoofing on Iplanet (ILLC)
-Full hiding requests on Iplanet (ILLC)
-XSS on Iplanet Log Analyzer (ILLC)
-XSS on WebTrends (XSS in HostName)
-XSS on Surfstats (XSS in HostName)
-XSS on Webexpert (XSS in HostName)
While playing around with log analyzers, we also found other 2 XSS bugs
(these ones exploiting CERT advisory "CA-2000-02" )
-XSS on LoganPro (XSS in UserAgent)
-XSS on Webexpert (XSS in UserAgent)
Regards,
Hugo Vázquez Caramés & Toni Cortés Martínez
Infohacking Research 2001-2003
Barcelona
Spain
--
Med Venlig Hilsen / Best Regards
| Teleservice Esbjerg A/S
Niki Guldbrand | Salingsundvej 4
IT-Administrator | 6715 Esbjerg N
| Denmark
Phone : +45 79144544 |
Direct Phone : +45 79144589 | Web : http://www.teleservice.com
Fax : +45 79144599 |
E-Mail : Niki.Guldbrand at teleservice.com
--------------
modesty, n.:
Being comfortable that others will discover your greatness.
--------------
More information about the Lunar-dev
mailing list