April 2023 Archives

Wed 19 Apr 2023 04:02:00 PM EEST

Checking existence of firewalled URLs via javascript’s script.onload

There is a minor information disclosure vulnerability, similar to running nmap from inside the browser.

It is possible to check the existence of a firewalled URL U via the following JavaScript in a browser (the original snippet lacked the closing tag; the script element must be closed or the rest of the page is swallowed as script text):

<script src="U" onload="alert('Exists')" onerror="alert('Does not exist')"></script>

This might have privacy implications for a potential “semi-blind CSRF” (XXX does this make sense?).

Works for me in Firefox, Chrome and Chromium 112.

I believe the issue won’t be fixed because it will break stuff in the mess called internet.

Online test

– guninski: https://j.ludost.net/resumegg.pdf


Posted by joro | Permanent link

Tue 18 Apr 2023 03:56:51 PM EEST

Checking existence of firewalled web servers in Firefox via iframe.onload

In short, in Firefox 112 it is possible to check the existence of firewalled web servers. This doesn’t work in Chrome and Chromium 112 for me.

If user A has a TCP connection to web server B, then in the following HTML (the iframe element is not self-closing in HTML, so it needs an explicit closing tag):

<iframe src="http://B" onload="load()" onerror="alert('error')" id="i1"></iframe>

the JavaScript function load() will be executed if B serves a valid document to A’s browser, and will not be executed otherwise.

This works for both HTTP and HTTPS, and for HTTP, B is allowed to be an IP address. Under some Apache2 configurations, the server serves plain HTTP despite having HTTPS configured.

In some sense, this is close to nmap via JavaScript in a browser.

The potential privacy implication is that an attacker who guesses the range of firewalled IPs can check them all in a loop.

For online test:
https://j.ludost.net/onload1.html

– guninski: https://j.ludost.net/resumegg.pdf


Posted by joro | Permanent link

Thu 13 Apr 2023 04:04:04 PM EEST

Jokes by Georgi Guninski 2023-04-13

(The Bulgarian translation is more correct)

1EN In the hospital.

  • You have attempted suicide?

  • I suppose unsuccessful?

2EN

  • Doctor, I have problem with my memory.

  • Since when?

  • I don’t remember.

3EN

This is like meeting of nuns and hookers to discuss sex. (On the Full Disclosure mailing list about hacking conference)

4EN

  • Did you hear the conspiracy theory that Bill Gates is involved in the covid pandemia?
  • That is nothing. He is responsible for the Windows pandemia.

5EN

  • What is the difference between Bill Gates and Steve Ballmer?

  • Both will sell to you their first born, but Bill Gates will deliver it.


1BG

In the hospital:

  • You have made a suicide attempt?

  • Unsuccessful, I presume?

2BG

  • Doctor, I have a problem with my memory.

  • Since when?

  • I don’t remember.

3BG

This is like a meeting of nuns and prostitutes to discuss sex. (On the FD mailing list, about a hacker conference)

4BG

  • Did you hear the conspiracy theory that Bill Gates is involved in the covid pandemic?
  • That’s nothing. He is responsible for the Windows pandemic.

5BG

  • What is the difference between Bill Gates and Steve Ballmer?
  • Both will sell you their firstborn child, but Bill Gates will deliver it.

Posted by joro | Permanent link