Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

To: Amit Klein <aksecurity@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: RSnake <rsnake@xxxxxxxxxxxx>
Date: Fri, 5 Jan 2007 08:00:53 -0800 (PST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx, Web Security <websecurity@xxxxxxxxxxxxx>
In-reply-to: <459D73C4.5060709@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570701021820v7b22961do7226be1bcf04fa57@xxxxxxxxxxxxxx> <459B3C78.2080007@xxxxxxxxx> <459BF2B6.4050807@xxxxxxxxx> <26162adb0701032227i674df796m783f5d1f95c1a7b1@xxxxxxxxxxxxxx> <459D73C4.5060709@xxxxxxxxx>

2. While thinking more about this solution, I observed that if the attackercan have an "agent" sharing the same IP address with the victim (by agent Imean an entity that can communicate with the target web site and read backits response data), then the algorithms I suggested will not be effective.Note that an attacker can share IP address with the victim when both share aforward proxy (e.g. some universities and ISPs), or when the attacker andvictim share the same machine (multi-user environment). Still, that narrowsdown the attack surface significantly.


It should be noted that this isn't as rare as just a few universities
and ISPs.  This also happens in lots of corporate networks (rogue user
on the internal network),  it happens with lots of internet cafe's, it
happens with AOL (~5MM users) and it happens with TOR users.  So while,
yes, I agree it is better than nothing it is hardly a rock solid
solution for anyone on a shared IP.

-RSnake
http://ha.ckers.org/
http://sla.ckers.org/
http://ha.ckers.org/fierce/

Follow-Ups:
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein

References:
- Universal XSS with PDF files: highly dangerous
  - From: pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein

Prev by Date: [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability
Next by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Previous by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread