|
Full Disclosure
mailing list archives
Java Applets can connect to other hosts using HTTP 302 redirection
From: Kanatoko <anvil () jumperz net>
Date: Wed, 03 Oct 2007 11:28:40 +0900
It seems that the java applet located on the host A is allowed to
connect to the host B using HTTP 302 redirection on the host B.
Is it a normal behaviour?
PoC:
http://www.jumperz.net/exploits/appletTest1.jsp
host A: www.gyosatu.com
host B: www.jumperz.net
In this PoC, the java applet is downloaded from www.gyosatu.com and
connects to www.jumperz.net port 1111.
Use "tcpdump port 1111" to see the packets.
--
Kanatoko<anvil () jumperz net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Java Applets can connect to other hosts using HTTP 302 redirection Kanatoko (Oct 02)
| 
Intro
