RE: stupid IE7 question

From: Debasis Mohanty (d3basis.m0hanty@gmail.com)
Date: Wed Dec 13 2006 - 02:57:18 EST


Don't waste your time finding ways & means to hide a URL in any form. They
are useless and don't help in any way. The basic thing an attacker will do
is to use a mitm proxy to find out all those GET/POST requests and retrieve
those *relatively* hidden URLs.

Rather, be concerned about what goes as a parameter via GET or POST. I like the
idea of the tamperproof _VIEWSTATE implemented in ASP.NET. Most of the issues of
parameters sent insecurely are well taken care of with appropriate encryption
and a CRC check.

-d

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of jas1@hotmail.com
Sent: Tuesday, December 12, 2006 3:19 AM
To: pen-test@securityfocus.com
Subject: stupid IE7 question

Hi.

I am currently testing a proprietary (supposedly) secure web based
application. The application was built around users with IE6.0 and above;
one of the instances of this is that the URL is hidden from the end user
when browsing the application. Of course you can ctrl-N or save the page
locally to gain the URL, but most end users would not be looking for the
URL. I advised a while back that the application should not be passing
sensitive info via the URL in the first place. On a recent test I thought I
would use IE7 and found that 'for security' reasons the URL is always
displayed, greyed out. The issue here is that some internal/external
proprietary applications will now display sensitive info via the URL that
could cause 'serious' information disclosure - apart from relaying to the
vendor to code their apps more securely, does anyone have any more
suggestions please?
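Debasis's point is that hiding the URL buys nothing, since any intercepting proxy shows the request, while making the parameters tamper-evident does help. The following is an added example, not code from this thread or from ASP.NET's _VIEWSTATE, of one way to do that in Python: the server serializes the state it needs to round-trip through the client, appends an HMAC-SHA256 tag computed under a server-side key, and refuses any value whose tag does not verify. It uses a keyed MAC rather than a plain CRC for the integrity check and does not encrypt the payload (an encryption layer would sit on top of this for confidentiality). The key, the state fields, the `state` parameter name and the URLs are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode

# Constructed server-side secret for this example only. In a real deployment
# it is loaded from a secret store and never sent to the client.
SECRET_KEY = b"example-only-server-secret-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _serialize(state: dict) -> bytes:
    # Canonical JSON so the same state always yields the same bytes (and tag).
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


def protect_state(state: dict, key: bytes = SECRET_KEY) -> str:
    """Return tag || payload, base64url-encoded so it survives as a URL parameter."""
    payload = _serialize(state)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload).decode()


def unprotect_state(token: str, key: bytes = SECRET_KEY):
    """Return the state dict if the tag verifies, otherwise None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < TAG_LEN:
        return None
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak where tags differ.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(payload)
    except ValueError:
        return None


def build_url(path: str, state: dict) -> str:
    """Embed the protected state as a GET parameter (hypothetical 'state' name)."""
    return f"{path}?{urlencode({'state': protect_state(state)})}"


def state_from_url(url: str):
    """Server-side: pull the 'state' parameter off a request URL and verify it."""
    query = url.split("?", 1)[1] if "?" in url else ""
    tokens = parse_qs(query).get("state")
    if not tokens:
        return None
    return unprotect_state(tokens[0])


def tampered_token(token: str, new_state: dict) -> str:
    """Rebuild a token with the original tag but a different payload, to check
    that verification rejects a client-side edit made without the key."""
    raw = base64.urlsafe_b64decode(token.encode())
    return base64.urlsafe_b64encode(raw[:TAG_LEN] + _serialize(new_state)).decode()


if __name__ == "__main__":
    original = {"account": 42, "role": "user"}  # constructed sample state
    url = build_url("/report", original)
    print("valid   ->", state_from_url(url))
    edited = tampered_token(protect_state(original), {"account": 42, "role": "admin"})
    print("tampered->", unprotect_state(edited))
```

The state is still visible to anyone who can see the request, which is exactly Debasis's point: the goal is not to hide it but to make sure the server cannot be talked into honouring a value it did not issue.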

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT