|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 150
Members: 0
Total: 150
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
openads 2.0.11 vulnerability |
|
Posted: Thu Jun 14, 2007 7:13 am |
|
|
bean703 |
Regular user |
|
|
Joined: Mar 21, 2007 |
Posts: 22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Thu Jun 14, 2007 8:31 am |
|
|
drag |
Active user |
|
|
Joined: May 31, 2007 |
Posts: 25 |
|
|
|
|
|
|
|
Apparently upgrading to 2.0.11-pr1 fixes the problem:
http://www.frsirt.com/english/advisories/2007/1364
So, if your friend is indeed wanting to fix his/her version it seems like this would work.
What I understand from looking at it is that the bug allows the attacker to split the HTTP header, in other words, create another one. If there exists an intermediary (e.g. cache proxy server), then this allows the attacker to 'poison' the cache proxy server. This allows for stealing information from an innocent victim, or providing them with a custom malicious page.
Sounds tricky/difficult to exploit.
I found an interesting explanation of the attack:
www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt |
|
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|