exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

mobileTraverse.txt

mobileTraverse.txt
Posted Jul 21, 2005
Authored by Petko Petkov

Misuse of services like Google's WMLProxy and IYHY allow for proxied/anonymous attacks against web sites.

tags | advisory, web
SHA-256 | c520e4f371db2afdd4444776ffdf953c2721adc1507e695f201b5cb6b86b2db6

mobileTraverse.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Notice: Anonymous Web Attacks via Dedicated Mobile Services
Security Risk: UNKNOWN
Publish Data: 2005 July 16

Security Researcher: Petko Petkov
Contact Information: ppetkov@gnucitizen.org
PGP Key: http://pdp.gnucitizen.org/ppetkov.asc

Synopsis
- ---------

Various Mobile Services provide malicious users with an intermediate
point to anonymously browse Web Resources and execute attacks against
them.

Affected Applications
- ----------------------

* Google's WMLProxy
* IYHY

Background
- ------------

WAP stands for Wireless Application Protocol, a communication standard
primarily designed for Information Exchange on various Wireless
Terminals such as mobile telephones. WAP devices work with WML
(Wireless Markup Language), a markup language similar to HTML but more
strict because of its XML nature. WML and HTML are totally different
in semantics. As such, there are applications located on The Internet
that are able to transcode from HTML/XHTML to WML.

Description
- ------------

An attacker can take advantage of the Google's WMLProxy Service by
sending a HTTP GET request with carefully modified URL of a malicious
nature. Such request hides the attacker's IP address and may slow down
future investigations on a successful breakin since Google's Services
are often over-trusted.

The following URL should reveal the current IP address:
http://ipchicken.com

However, a similar request proxied through WMLProxy:
http://wmlproxy.google.com/wmltrans/u=ipchicken.com
results to:
64.233.166.136 which belongs to Google Inc.

Like Google's WMLProxy, IYHY.com is HTML/XHTML transcoder, although it
is primarily designed for PDAs and Smart Phones. Still, IYHY can be
used as an intermediate point for launching anonymous attacks. For
example the following URL reveals IYHY IP address:
http://www.iyhy.com/?a=http%3A%2F%2Fipchicken.com

Attackers are able to chain Google's WMLProxy and IYHY in order to
obscure their IP address further. For example, the following URL goes
through WMLProxy and IYHY before getting to http://ipchiken.com:
http://wmlproxy.google.com/wmltrans/u=tinyurl.com@2f9g65o

Impact
- -------

Misuse of Services like Google's WMLProxy and IYHY must be considered
as a hight risk in situations where they are over-trusted. Google's
entries are often filtered out from the logs making all possible
attacks undetectable. Moreover, attackers can make use of mobile
devices to request dangerous URLs in order to compromise vulnerable
Web Applications. If such requests are not monitored by the particular
mobile network, there is no way to detect where the attack is launched
from.

Workaround
- -------------

Mobile Services can offer cleaver parameter filtering features to
prevent the execution of dangerous requests. However, it is important
to understand that simple input validation technique can be easily
circumvented. The tinyurl service can be used to obscure the dangerous
URLs, bypassing the input validation checks that an application may have.
It is also worth to mention that modifying the requests, in order to
stop certain XSS and SQL Injection attacks, may completely brake the
logic of the proxided Web Site leaving the users with unsatisfactory
results.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFC3heXFf/6vxAyUpgRAj7FAKCHCZZPFdd/UdL018MOwPRC5ShROACcDuSR
/1zd7B7ax6+Zf5hVjSwR0Pk=
=TeEv
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close