THP Wisec USH DigitalBullets TheHackersPlace network
The WIse SECurity
.italian
.english
Wisec Home SecSearch Projects Papers Security Thoughts
 
News
Flash Application Testing: A New Vector for XSS and Cross Site Flashing.
IE and Firefox Digest Authentication Request Splitting.
Php import_req_var globals overwrite Advisory.
Subverting Ajax - The Paper.
Adobe Plugin Multiple Vulnerabilities.
Wisec@23rd.CCC Congress in Berlin - 29th Dec. 2006 - Subverting Ajax.
SecSearch. Search Engine for Security Community.
Mysql COM_TABLE_DUMP Flaws.
Mysql Anonymous login Flaw.
A new project to stop embed passwords in Php scripts: PassBroker.
MySQL new three vulnerabilities unleashed
PHP shmop safemode bypass
PHP RFC1867 Vuln - POC Released!
Search on Wisec
Google

Security Thoughts

[ Back ]

Thursday, October 21, 2010, 10:40

Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem

This is a short blog post about what could have happened if a malicious user had exploited the issues I found.

If someone has read the post about Java DNS Rebinding and Java applet same IP Host Access probably has come
to the same conclusion of what I am going to describe in the next few lines which can be summarized like this:
Java applet implementation could really break the web.

Consider the following points:

* Java DNS Rebinding: an attacker can point a controlled host to any IP of the web.
* Java applet same IP Host access: an attacker can read the response of any host which points to the same IP
the applet originates.

..Continue reading here

Comments:

No comments yet.

 
Comments are disabled

Admin login | This weblog is from www.mylittlehomepage.net

Wisec is brought to you by...

Wisec is written and mantained by Stefano Di Paola.

Wisec uses open standards, including XHTML, CSS2, and XML-RPC.

All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.