Browser POCs to test

Discussion in 'other security issues & news' started by CloneRanger, Jun 1, 2012.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    They either didn't work, or didn't fool me. Try 'em & see how you fare ;)

    BTW - Tested on FFv3.6.14 with & without JavaScripting etc
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Obviously it didn't fool you, you tested yourself. It's like saying "I'm a chair... haha I don't believe that for a second."

    Real world, if someone on Wilders linked to "an important flash update" that was really a virus, I'm fairly certain a large portion of this site would get infected.
     
  3. Tomwa

    Tomwa Registered Member

    Joined:
    Feb 3, 2010
    Posts:
    162
    Link 1 did absolutely nothing, TorBrowser blocked both popups, and NoScript asked for me to follow a redirect to Adobe.com, but as the windows of maliciousness were unable to open it was pointless, though I can see the issue presented.

    Link 2 was interesting in the fact that TorBrowser (My web browser) as Access to Memory and Disk cache is forbidden. This would be easily exploited in normal Firefox. I use TorBrowser for all my browsing but I have Waterfox limited to access only a specific list of Grooveshark/Youtube IPs (all other traffic is blocked and HTTP/S is blocked system wide and exceptions are made as necessary). This if anything should prove that cache access (As it is) is flawed and needs to be secured by ensuring only the site which cached the data may access it.

    Link 3: is this the same as number one? Same thing happened:

    1. Click button
    2. Asked to redirect to adobe.com
    3. Redirect
    4. Adobe.com opens in new tab and becomes the focus
    5. 2 Popups blocked on initial page.

    I must say this was fun though.
     
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    3rd link - easily spotted from the Firefox 13 'from' section in the download window, but yes, most people would fall for this.

    Could someone please explain what the second link is doing/showing?
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The second link starts out as the legit webpage with the URL showing that website. It then changes after a few seconds. From the source:

     
  6. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    OK, thanks.
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Nothing happened in the second link for me. :rolleyes:
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    You should see this address in the address bar, right?
    banking.beaver-peak.us

    In my case I see something else:
    banking.coredump.cx/us/

    Is the POC working then? o_O
     