2010/7/3 MustLive <[email protected]>:
> Hello Sebastien!
>
> I'm glad that you liked the title of my article :-). For the title of the
> letter I used the title of my article, which I posted in September 2009 to
> the list (as I referenced in my last letter). If you read at least some of my
> articles from 2009-2010, particularly those which I wrote to the FD
> mailing list from September 2009 (when I began posting to the list), I like
> sometimes to use interesting titles for my articles.
>
> With such special titles I'm drawing people's attention to the problem. In
> the case of this particular article, I'm telling that the danger of redirectors is
> underestimated and they can be used for many different attacks, not only
> redirecting to other sites (i.e. redirectors represent the phantom menace
> for the Internet community). Only recently WASC began drawing attention to this
> kind of security issue in their TC v2 (released on 01.01.2010), where they
> added such a class of vulnerability as URL Redirector Abuse.
>
>> It took me until half the post to realize this wasn't posted by
>> MusntLive but by the original MustLive.
>
> Different people use different styles for writing texts, so it's easy to
> distinguish my texts from the texts of others (including those who try to spoof
> my letters). I'm not subscribed to the list,

Isn't it a little rude to spam the list with advisories of dubious quality
and value, yet not be a member of the community?

Cheers
Chris

> so I didn't know about such a
> man as musnt live. But recently I received a letter from him, so I've
> become familiar with his kind of letters :-) (which are not at all serious).
> So I've added his email to my blacklist and if he embarrassed you, then you
> can do the same (and just ban him). In this case ban both his and the second
> address, which I mentioned
> (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075412.html).
> Because these are both his addresses, as I found very quickly, from which
> (under different names) he was trying to spam me and the list.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> ----- Original Message -----
> From: "Sébastien Duquette" <[email protected]>
> To: "MustLive" <[email protected]>
> Cc: <[email protected]>
> Sent: Monday, June 28, 2010 12:53 AM
> Subject: Re: [Full-disclosure] Redirectors: the phantom menace
>
>
>> It took me until half the post to realize this wasn't posted by
>> MusntLive but by the original MustLive. With a title like that, I
>> assumed it was some kind of mockery. Sometimes reality is stranger
>> than fiction...
>>
>> On Sun, Jun 27, 2010 at 4:45 PM, MustLive <[email protected]> wrote:
>>> Hello participants of Full-Disclosure!
>>>
>>> Additional information for those who read my article (and those who still
>>> didn't, they can do it) Redirectors: the phantom menace
>>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>>
>>> In addition to the previous 12 attacks via open redirectors, this year I added
>>> three new attacks (and soon will add more).
>>>
>>> In addition to the before-mentioned attacks, the redirectors can also be used:
>>>
>>> - For conducting XSS attacks via PDF files, which I wrote about in the post
>>> regarding Script Injection in Adobe Acrobat
>>> (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).
>>>
>>> - For conducting DoS attacks on browsers via redirection to a mailto: URL,
>>> which I wrote about in the post DoS in Firefox, Internet Explorer, Chrome, Opera
>>> and other browsers (http://websecurity.com.ua/4206/). This concerns both
>>> open redirectors and closed redirectors
>>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
>>>
>>> - For bypassing restrictions on URLs in HTML Injection attacks,
>>> particularly Link Injection, as in the case of the vulnerability at news.yahoo.com
>>> (http://websecurity.com.ua/3723/). In contrast to the bypass of protection
>>> filters using closed redirectors (attack #10), in this case not an
>>> external redirector is used, but an internal one (at this site, or at a
>>> site from the allowed list).
>>>
>>> Best wishes & regards,
>>> MustLive
>>> Administrator of Websecurity web site
>>> http://websecurity.com.ua
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
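The thread above names three ways a redirector endpoint gets abused: forwarding to an off-site host, forwarding to a non-HTTP scheme such as mailto:, and passing a URL filter by pointing at a redirector the filter already trusts. The following is an added example of the defensive side, written for this edit and not taken from the thread or from MustLive's articles: a Python validator for a redirector's destination parameter that accepts only rooted same-site paths and absolute http(s) URLs whose host is on an allowlist, and rejects the parser tricks that commonly defeat naive checks (protocol-relative `//host`, backslashes, userinfo `@`, embedded control characters). The hostnames and the allowlist are constructed for the example.

```python
"""Redirect-target validation (added example, not code from the thread).

A redirector such as /redirect?url=... should forward only to a small,
known set of destinations. This validator passes same-site rooted paths
and absolute http(s) URLs whose host is allowlisted, and rejects:
  - off-site hosts (classic open redirect),
  - non-http schemes (mailto:, javascript:, data:, ...),
  - protocol-relative and multi-slash forms (//host, ///host),
  - backslash and userinfo tricks (/\\host, https://trusted@evil/),
  - control characters that parsers strip or mishandle.
All hostnames used below are constructed for the example.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_redirect(target, allowed_hosts):
    """Return True only if `target` may be used as a redirect destination.

    `allowed_hosts` is an iterable of hostnames; comparison is exact and
    case-insensitive, so subdomains must be listed explicitly.
    """
    if not isinstance(target, str) or not target:
        return False
    # Tabs, CR/LF and other C0 controls are silently stripped by some
    # URL parsers and kept by others; refuse them rather than guess.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat '\' as '/' in http(s) URLs, so "/\evil.example"
    # navigates off-site. Normalise first so the checks below see it.
    normalised = target.strip().replace("\\", "/")
    # "//host" and "///host" both resolve to another origin in browsers.
    if normalised.startswith("//"):
        return False
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. an unbalanced '[' in the authority
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require a rooted path so the destination is
        # fixed relative to this site rather than to the current page.
        return normalised.startswith("/")
    if parts.scheme not in ALLOWED_SCHEMES:
        return False  # mailto:, javascript:, data:, ftp: ...
    host = parts.hostname  # lower-cased; userinfo and port removed
    if not host:
        return False  # "https:evil.example" style input, no authority
    return host in {h.lower() for h in allowed_hosts}


def safe_redirect_target(target, allowed_hosts, fallback="/"):
    """Return `target` if it validates, otherwise a local fallback path."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    hosts = {"example.com", "www.example.com"}  # constructed allowlist
    for candidate in [
        "/account",
        "https://www.example.com/login",
        "https://evil.example/",
        "//evil.example/",
        "mailto:someone@example.com",
        "javascript:alert(1)",
        "https://example.com@evil.example/",
        "/\\evil.example",
    ]:
        print(f"{candidate!r:42} -> {is_safe_redirect(candidate, hosts)}")
```

The host allowlist alone does not address the third vector in the thread: if an allowlisted host itself exposes a redirector, a destination on that host can still hop elsewhere, so the allowlist should name only hosts without their own forwarding endpoints, or the server should resolve the destination's path against a list of permitted paths as well as hosts.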
