Stealing Passwords Via Browser Refresh
Hits: 0
Date added: 08/05/2005

Browsers maintain a record of the pages a user has recently visited. The back and forward buttons use this record to display recently browsed pages. In addition, browsers keep track of the variables that were POSTed to the server while fetching each page.
The refresh feature greatly increases the functionality of browsers and makes them more convenient for users. Moreover, it works transparently, so users do not need to be aware that the variables are automatically posted to the server. All a user has to do is click the “yes” button of a dialog box displayed by the browser before re-posting. This lets a user view the same pages that he had visited before.
In terms of functionality this is a very powerful feature, but it can also be used to capture important user credentials from a browser. Here the browser's inherent behaviour of storing POST variables is exploited to gain access to those credentials.
We will also discuss another variation of the attack. These attacks are very simple to execute and require a medium level of skill. For each variation of the attack we propose a solution that addresses the issue.

SSLPCT
Hits: 0
Date added: 12/13/2004

White paper analysis of the SSL PCT vulnerability. Gives full details on how exploitation has been performed and what it took for working exploits to be created.

SSL PCT Exploitation Analysis
Hits: 1
Date added: 03/13/2005

A nice analysis of the THCIISLAME SSL/PCT bug: how the bug was exploited and how to use it. Besides this, a small introduction to generic exploit coding is given.

SQL The Complete Reference
Hits: 1
Date added: 09/28/2006

SQL is the core technology behind enterprise databases from Oracle, Informix, Sybase, IBM, Microsoft, and others--the backbone of a $5 billion industry. Comprehensive coverage includes current enhancements and extensions to SQL, the JDBC interface, data warehousing, and more. Robust CD contains the entire book online with hyperlinks, all source code, the sample database from the book, and a self-study quiz.

SQL Practical Guide
Hits: 2
Date added: 01/21/2006

This practical guide is a short and focused introduction to the main features of SQL for technically competent readers. The book is useful as both a tutorial and a reference, and will include chapter questions and exercises.