Security Basics mailing list archives

WebApplication authentication security risk
From: Simon <simon.xhz () gmail com>
Date: Mon, 6 Mar 2006 02:18:55 -0500

  It's been a while since I checked here, just in case I'll send out
the usual handshake <Hello World!>

  I was working on networking "relay", a program that listens for
incoming connections on localhost and relays packets to a remote host.

  The first host I tried was google.ca.  My relay did not relay the
page, IExplorer showed a blank page.  If I go to a different site, it

  I have made a PHP script in the past that takes a username,
password, IP address, User-Agent, a cookie (md5 hash of
date+ip+useragent).  And I found out I could possibly start hacking my
own security PHP script using this relay.

  For a secure PHP script, make sure you check the browser's requested
URI.  If the browser requested anything other than the script's host, then
you know the connection is relayed and could be sniffed.
Unfortunately, it is possible to repackage the HTTP headers to change
the Requested URI and only an encrypted connection would be able to
prevent this kind of exploit.

Anyway, hope it interests a couple of people, hope I didn't bother anyone,
it's just I thought my own secure login script was top secure and I'm
sure that programmers check for this rarely!
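
Added example, not part of the original post and not the poster's script: a PHP sketch of the Host check described above, run from the command line over three constructed requests. It shows that the check rejects a relay that forwards headers untouched but accepts one whose Host header has been rewritten, which is why the post concludes that only an encrypted connection prevents this. The host name `login.example.test`, the function names and the sample requests are assumptions; a deployed script would read `$_SERVER['HTTP_HOST']` rather than parse raw text.

```php
<?php
// Added example: constructed requests and a hypothetical host name.
const EXPECTED_HOST = 'login.example.test'; // assumption: the script's canonical host

// Return the single Host header value (lower-cased, port stripped) of a raw
// HTTP request, or null when the header is missing or appears more than once.
function requestedHost(string $raw): ?string
{
    $head  = explode("\r\n\r\n", $raw, 2)[0];
    $lines = explode("\r\n", $head);
    array_shift($lines);                       // drop the request line
    $hosts = [];
    foreach ($lines as $line) {
        [$name, $value] = array_pad(explode(':', $line, 2), 2, '');
        if (strcasecmp(trim($name), 'Host') === 0) {   // header names are case-insensitive
            $hosts[] = strtolower(trim($value));
        }
    }
    if (count($hosts) !== 1) {
        return null;                           // absent or ambiguous: treat as failed
    }
    return preg_replace('/:\d+$/', '', $hosts[0]);
}

// The check from the post: was the request addressed to the script's own host?
function hostCheckPasses(string $raw): bool
{
    return requestedHost($raw) === EXPECTED_HOST;
}

// Constructed sample requests as the server would receive them.
$requests = [
    'direct'                     => "GET /login.php HTTP/1.1\r\nHost: login.example.test\r\nUser-Agent: test\r\n\r\n",
    'relayed, headers untouched' => "GET /login.php HTTP/1.1\r\nHost: localhost:8080\r\nUser-Agent: test\r\n\r\n",
    // A relay that repackages headers can send the expected value; nothing in
    // the plaintext request distinguishes it from the direct one.
    'relayed, Host rewritten'    => "GET /login.php HTTP/1.1\r\nhost: LOGIN.example.test:80\r\nUser-Agent: test\r\n\r\n",
];

foreach ($requests as $label => $raw) {
    printf("%-28s %s\n", $label, hostCheckPasses($raw) ? 'accepted' : 'rejected');
}
```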

