[ home ]  [ private ]  [ 0Day ]  [ discount ]  [ Get Gold ]  [ platforms ]  [ pentest ]  [ search ]  [ faq ]  [ contact ]  [ style ]  [ Prices in Gold ]   db: 39 583    
0day Today Exploit DB Official Facebook
0day Today Exploit DB Official Twitter
0day Today Exploit DB Official RSS Channel
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - Biggest Exploit Database in the World.
Select your language:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
Things you should know about 0day.today:
  • We use one main domain: http://0day.today
  • Most of the materials is completely FREE
  • If you want to purchase the exploit / get V.I.P. access or pay for any other service,
    you need to buy or earn GOLD
We accept currencies: [contact admin to find more]
           
We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
I am registered user of 0day.today. I don't want to see this screen in future.
What to do first?
  1. Read the [ agreement ]
  2. Read the [ Submit ] rules
  3. Visit the [ faq ] page
  4. [ Register ] profile
  5. Get [ GOLD ]
  6. If you want to [ sell ]
  7. If you want to [ buy ]
  8. If you lost [ Account ]
  9. Any questions [ admin@0day.today ]


Main links


You can contact us by

Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day Today Exploits Market and 0day Exploits Database

Geonick Social Network Clickjacking / Credential Disclosure

Author
Juan Carlos Garcia
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-21182
Category
web applications
Date add
30-08-2013
Platform
php
GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text

Time-Line Vulnerability
***********************

Multiple Advisories but NOT RESPONSE

Then

Full Disclosure

I-VULNERABILITY
-------------------------

#Title: GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text/

#Vendor:http://geonick.com

#Author:Juan Carlos García (@secnight)

#Follow me 

 http://www.highsec.es
 http://hackingmadrid.blogspot.com
Twitter:@secnight



II-Introduction:
================
Geonick is a Spanish social network and a search engine that lets you find people around you or far corners that share your interests,
hobbies and interests.

Geonick is a free social network that offers an option some advanced features and payment.

Literal : ""Because we believe in the Internet, in social relations, information sharing and the exchange of messages
but we believe that all this can be based on respect for the individual, his privacy."



====================
III-PROOF OF CONCEPT
====================


Attack details
--------------

Insecure crossdomain.xml file
******************************

The browser security model normally prevents web content from one domain from accessing data from another domain.
This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data.
They permit operations that are not permitted by default. The URL policy file is located, by default, in the root directory
of the target server, with the name crossdomain.xml (for example, at www.example.com/crossdomain.xml). 

When a domain is specified in crossdomain.xml file, the site declares that it is willing to allow the operators of any servers
in that domain to obtain any document on the server where the policy file resides. The crossdomain.xml file deployed on this website
opens the server to all domains (use of a single asterisk "*" as a pure wildcard is supported) like so: 

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

This practice is suitable for public servers, but should not be used for sites located behind a firewall because it could permit
access to protected areas. It should not be used for sites that require authentication in the form of passwords or cookies.
Sites that use the common practice of authentication based on cookies to access private or user-specific data should be especially
careful when using cross-domain policy files.


Attack details
--------------
The crossdomain.xml file is located at /crossdomain.xml (2)

GET /crossdomain.xml HTTP/1.1
Host: geonick.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Response

HTTP/1.1 200 OK

Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough
/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.35 mod_fcgid/2.3.6
Last-Modified: Tue, 18 Oct 2011 19:37:56 GMT

ETag: "620d41-60-4af97dc318d00"

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>



Clickjacking: X-Frame-Options header missing(2)
***********************************************

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) 
is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they 
are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking 
on seemingly innocuous web pages. 

The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page
in a <frame> or <iframe>.
Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. 

The impact of this vulnerability

The impact depends on the affected web application. 

How to fix this vulnerability

Configure your web server to include an X-Frame-Options header.


User credentials are sent in clear text
*****************************************
User credentials are transmitted over an unencrypted channel.
This information should always be transferred via an encrypted channel (HTTPS)
to avoid being intercepted by malicious users.

Affected items

/ 
/join.php (8dc38e7512b6a37942d44d069e27a3c8) 
/join.php (d8028533028fdeb45b1cce8901809db6) 
/join.php/user=tourist 
/member.php (975a4a1b7430a0d8d05b765506281cce) 
/member.php (f15bbaf05a65fce70291e7e91f71abea) 

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials are considered sensitive information, should always be transferred to the server
over an encrypted connection (HTTPS).



IV. CREDITS
-------------------------

This vulnerability has been discovered
by Juan Carlos García(@secnight)


V. LEGAL NOTICES
-------------------------

The Author accepts no responsibility for any damage
caused by the use or misuse of this information.

#  0day.today [2024-11-15]  #
0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
Send all submissions to mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team