Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day

2008-11-05 / 2008-11-06
Credit: Adrian P
Risk: Low
Local: No
Remote: No

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hello folks, Yesterday, I presented for the first time [1] a new method to perform universal website hijacking by exploiting content filtering features commonly supported by corporate firewalls. I briefly discussed [2] the finding on GNUCITIZEN in the past without giving away the details, but rather mentioning what the attacker can do and some characteristics of the attack. Anyway, I'm now releasing full details on how the technique works, and a real 0day example against SonicWALL firewalls. The paper can be found on the GNUCITIZEN labs site. Please let me know if you can successfully use the same technique against firewalls by other vendors: http://sites.google.com/a/gnucitizen.org/lab/research-papers Finally, I'd like to thank Zero Day Initiative [3] for their great work and the Hack in the Box crew for organizing such a fine event! Regards, ap. REFERENCES [1] "HITBSecConf2008 - Malaysia: Cracking into Embedded Devices and Beyond!" http://conference.hackinthebox.org/hitbsecconf2008kl/?page_id=186 [2] "New technique to perform universal website hijacking" http://www.gnucitizen.org/blog/new-technique-to-perform-universal-websit e-hijacking/ [3] "SonicWALL Content-Filtering Universal Script Injection Vulnerability" http://www.zerodayinitiative.com/advisories/ZDI-08-070/ -- Adrian "pagvac" Pastor | GNUCITIZEN gnucitizen.org



Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com


Back to Top