start > 2006-01-23 > 1
Hi5 saga
labels
| Category: | security |
Hi5 saga 
Today I logon into hi5 and checked that my redirected wasn't working. "Wow! Finally they've patched the system" - I thought. I got no reply from them, but that I was already expecting...Anyway I did some testing, and it seems that they only disallow changes on the document, such as, redirecting the page or, one that became my favourite, changing the images and the page (believe me, seeing the hi5 logo upside down is funny). The basic alert test still works, and that's not all, accessing document properties such as history and cookies is allowed, along with opening new windows.It might not be that efficient as the redirect, but opening a new window pointing to an URL with a fake login, maximizing it and making it on top, might fool some users, not as much as the redirect but still some. Other idea is to open a new window, very small (or with a banner) that would submit the users cookie to a remote page, having the cookie someone can probably with sucess hijack for some time the session (this last one is just an idea, I did not tried it...yet).I've written a new email to the hi5 team, the 3rd one… Probably, they'll just kick me out of their system so they don't have people complaining about security bugs. Let's see how it goes.
Please login to www.pabrantes.net.
Who am I?
My name is Paulo Abrantes AKA pabrantes and I'm a software developer. I'm currently employed at 
CIIST working as a Java developer in FenixEDU.This blog is mostly about Java programming, domain driven design and snipsnap bliki developing. Everything written in this blog is my personal opinion and it may not reflect the opinions of my employer and co-workers.
Blog subscription
My name is Paulo Abrantes AKA pabrantes and I'm a software developer. I'm currently employed at CIIST working as a Java developer in FenixEDU.This blog is mostly about Java programming, domain driven design and snipsnap bliki developing. Everything written in this blog is my personal opinion and it may not reflect the opinions of my employer and co-workers.
Blog subscription
Links
Home
Paulo's Profile
Post History
Add to Technorati Favorites
Paulo's Photo Gallery
WishList
Posting without Login
Lon3wolf's Blog
MANOWAR's Blog
Max's Blog
Jff's Blog
João Ferreira's Blog
Moon's Blog
Rui's Movie
Blog
Balhau's Blog
Recent PostsJava Programming: Bytecode Injection
Intermission: Sorry For Downtime
Software Developing: Studying The Bliki Domain Model
SnipSnap Developing: Trying to settle a roadmap
System Administration: Load Balancing with Apache
Blogging: Two years have passed
Software Developing: The SnipSnap Saga
Java Programming: Getting your code spicy with Groovy
Software Developing: Fluent Interfaces
Software Developing: Implementing a ShoutBox on SnipsSnip
Software Developing: SnipSnap, SnipIt and SnipSnip
Java Programming: Proxies and Access Control
Java Programming: Proxies and References
Java Programming: References' Package
YALM: Yet Another Layout Modification
For older posts, please refer to post-history for a complete Post History
… and a Guest.
Home Paulo's Profile Post History Add to Technorati Favorites Paulo's Photo Gallery WishList Posting without LoginSearch Blog
Fellow Bloggers
Lon3wolf's Blog MANOWAR's Blog Max's Blog Jff's Blog João Ferreira's Blog Moon's Blog Rui's Movie
Blog Balhau's BlogIntermission: Sorry For Downtime
Software Developing: Studying The Bliki Domain Model
SnipSnap Developing: Trying to settle a roadmap
System Administration: Load Balancing with Apache
Blogging: Two years have passed
Software Developing: The SnipSnap Saga
Java Programming: Getting your code spicy with Groovy
Software Developing: Fluent Interfaces
Software Developing: Implementing a ShoutBox on SnipsSnip
Software Developing: SnipSnap, SnipIt and SnipSnip
Java Programming: Proxies and Access Control
Java Programming: Proxies and References
Java Programming: References' Package
YALM: Yet Another Layout Modification
For older posts, please refer to post-history for a complete Post History
Recently Changed
Logged in Users: (0)