HitBox gateway 9.3.2
Posted by: euronymous
Date: December 15, 2007 03:32PM

Hi guys...

I've finally decided to make my bachelor thesis (for those who read my topic in Projects - maybe a bit confused) on Session management...

it will be named SESSION MANAGEMENT ON WEB APPLICATIONS FROM A HACKER'S PERSPECTIVE...
for sure I will ask you a few things during my long work...adding the sla.ckers.org community, and Robert's ideas as "ringraziamenti" (like: THANKS TO....)

I've found several session fixation vulnerabilities in the most important application to manage users at my University...(thanks Dafydd for your new improved Burp - without NullPointerExceptions :))

well...I'm now taking a look at my bank website, just analyzing how session management is working...
a bit strange: the normal part of the website (that doesn't need authentication) is written in PHP, the "HOT" part in Java (JSP)..
apart from this, analyzing all the communications from my proxy to the server, I've figured out that a third host is contacted with something strange:

GET /HG?hc=&hb=DM550624DJCM11EN3&cd=1&hv=6&n=/Privati&con=&vcon=/Home+Privati&tt=auto&ja=y&dt=14&zo=-60&lm=0
&ce=y&ss=2048*768&sc=24&sv=15&cy=u&hp=u&ln=&np=Linux&nc=u&vpc=HBX0200u&vjs=HBX0250.11u&hec=0&pec=&cmp=&gp=
&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=1&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos,name
&ra=&rf=bookmark&pu=&pl=&lv.id=&lv.pos=&hid=0.22552679479122162 HTTP/1.0

that's a totally different host: making a simple GET on the root content, it returns the following:

HTTP/1.1 200 OK
Date: Sat, 15 Dec 2007 21:31:55 GMT
Server: Hitbox Gateway 9.3.2
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Cneonction: close
Pragma: no-cache
Cache-Control: max-age=0, private, proxy-revalidate
Expires: Sat, 15 Dec 2007 21:31:56 GMT
Content-Type: text/plain
Content-Length: 19
Connection: Keep-Alive

HitboxGateway9.3.2

I didn't find much info about this product: it seems to be something like Google Analytics, to collect info...

Have you never encountered something like that in your pentests, guys?

I'm really interested in hearing your news

let me know

ciao

+++eat, fuck, hack+++



Edited 1 time(s). Last edit at 12/15/2007 03:35PM by euronymous.

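A triage helper for the kind of third-party call described in the post, added here as an example (it is not the poster's code, nor anything from the HitBox product): it reads a constructed proxy-style log in which the HitBox request line from the post is embedded, skips first-party hosts, and reports which beacon parameters actually carry client data and which are sent empty. The log format, the host names and the first-party domain are assumptions.

```python
"""Triage third-party beacons found in an intercepting-proxy log.

Added example (not code from the post or from HitBox). Assumed, constructed
log format: one request per line, "<host> <method> <target> <version>".
"""
from urllib.parse import parse_qs, urlsplit

# Constructed log: the third line is the HitBox request quoted in the post,
# joined onto one line. Host names are placeholders, not the real ones.
PROXY_LOG = """\
www.bank.example GET /Privati/Home HTTP/1.1
www.bank.example GET /static/site.css HTTP/1.1
hitbox.example GET /HG?hc=&hb=DM550624DJCM11EN3&cd=1&hv=6&n=/Privati&con=&vcon=/Home+Privati&tt=auto&ja=y&dt=14&zo=-60&lm=0&ce=y&ss=2048*768&sc=24&sv=15&cy=u&hp=u&ln=&np=Linux&nc=u&vpc=HBX0200u&vjs=HBX0250.11u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=1&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos,name&ra=&rf=bookmark&pu=&pl=&lv.id=&lv.pos=&hid=0.22552679479122162 HTTP/1.0
"""


def parse_entry(line):
    """Split one log line into host, method, path and decoded query parameters."""
    host, method, target, _version = line.split(" ", 3)
    url = urlsplit(target)
    # keep_blank_values so that empty fields (e.g. customerid=) are still listed
    params = parse_qs(url.query, keep_blank_values=True)
    return {"host": host, "method": method, "path": url.path,
            "params": {k: v[0] for k, v in params.items()}}


def third_party_beacons(log, first_party_domain):
    """Return requests to hosts outside the first-party domain, splitting their
    query parameters into those that carry a value (data actually exported to
    the third party, e.g. np=Linux or ss=2048*768) and those sent empty."""
    report = []
    for line in log.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        host = entry["host"]
        if host == first_party_domain or host.endswith("." + first_party_domain):
            continue
        sent = {k: v for k, v in entry["params"].items() if v}
        unused = sorted(k for k, v in entry["params"].items() if not v)
        report.append({"host": host, "path": entry["path"],
                       "sent": sent, "unused": unused})
    return report


if __name__ == "__main__":
    for beacon in third_party_beacons(PROXY_LOG, "bank.example"):
        print(f"{beacon['host']}{beacon['path']}: {len(beacon['sent'])} populated, "
              f"{len(beacon['unused'])} empty parameters")
        for key, value in sorted(beacon["sent"].items()):
            print(f"  {key} = {value!r}")
```

The populated list is what a reviewer would raise with the site owner (client platform, screen size and timezone offset are visibly going to the third party), while the empty fields show which of the beacon's slots, such as customerid, the site is not filling.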