Domain: 10.0.0.1
Stories and comments across the archive that link to 10.0.0.1.
Comments · 6
-
Re:Address space limitation?
I think it's the other way around. First, you get malicious javascript loaded on http://10.0.0.1/myscript.js when you visit the exploit site.
Then when you connect to http://10.0.0.1/myscript.js on a different non-routable subnet you end up running the malicious script instead of the local version, which could include doing fun stuff against the HTTP server you are connecting to. -
Re:Address space limitation?
I think it's the other way around. First, you get malicious javascript loaded on http://10.0.0.1/myscript.js when you visit the exploit site.
Then when you connect to http://10.0.0.1/myscript.js on a different non-routable subnet you end up running the malicious script instead of the local version, which could include doing fun stuff against the HTTP server you are connecting to. -
Address space limitation?
I think address space limitation is not an issue here. If I correctly understand this vulnerability means that for example some user has cached session cookies for intranet site like http://10.0.0.1/intranet - then if he connects to other network (that I control) via VPN I can forge http://10.0.0.1/intranet site in my network trick the browser by injecting JavaScript code and read this users session cookies? Do I understand this correctly?
Well if I do then SSL/TLS certificates and cryptography in general are the means to authenticate someones (or some servers) indentity.
So my question is: if sites in my intranet use proper PKI and SSL/TLS mechanisms am I still voulnerable to this flaw?
-
Address space limitation?
I think address space limitation is not an issue here. If I correctly understand this vulnerability means that for example some user has cached session cookies for intranet site like http://10.0.0.1/intranet - then if he connects to other network (that I control) via VPN I can forge http://10.0.0.1/intranet site in my network trick the browser by injecting JavaScript code and read this users session cookies? Do I understand this correctly?
Well if I do then SSL/TLS certificates and cryptography in general are the means to authenticate someones (or some servers) indentity.
So my question is: if sites in my intranet use proper PKI and SSL/TLS mechanisms am I still voulnerable to this flaw?
-
Re:Mirror incase of slashdotting
-
Re:How can you detect transparent proxying?
Easier:
Try browsing to this or this.
Assuming your local administrator isn't using up all the non-routeable IPs, those should not connect anywhere. If you get an error message back that looks different from the one you get from this (assuming you aren't running a server yourself) then they are running a proxy. If they are both the same then either they aren't running a proxy, or you are using a broken web-browser that doesn't return proper error messages, such as IE.
Not as guaranteed to product a result as the parent message, but way easier! :-)
HTH.