Bugtraq mailing list archives


Re: Adgregate ShopAd widget validation is vulnerable to replay attack


From: Matthew Dempsky <matthew () dempsky org>
Date: Wed, 8 Apr 2009 00:21:53 -0700

On Tue, Apr 7, 2009 at 6:56 PM, Matthew Dempsky <matthew () dempsky org> wrote:
As an update, since I submitted my first message, Adgregate changed their validation mechanism.  The current method is still intermittently vulnerable to replay attacks, but now there's actually an expiration mechanism to deal with.
I've updated http://shinobi.dempsky.org/~matthew/adgregate.html to handle the new validation mechanism.

It's basically the same as before, except every 5 minutes (aligned with the hour) the (single, global) validation string changes.  You can easily retrieve the current one using curl:

  $ curl -e https://secure.adgregate.com/vid_m_widget.swf \
      https://secure.adgregate.com/validatewidget.aspx?wid=1
  &validation=3F228F6F-6B30-4BB4-A7D0-EF5D7F4ABD54

I'll continue updating the above URL as they (hopefully) further revise the scheme, but I'm going to refrain from spamming BugTraq about it.
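
The difference between a single global value that rotates on a timer and a token bound to one widget and one use, as an added example that is not part of the original post or Adgregate's code. The HMAC construction, the key, and the names `window_token`, `window_check` and `BoundTokens` are assumptions chosen for illustration; only the five-minute window comes from the message.

```python
import hashlib
import hmac
import secrets

WINDOW = 300  # seconds: the five-minute rotation described in the post

def window_token(key: bytes, now: int) -> str:
    """Weak model: one value per window, identical for every widget and client."""
    return hmac.new(key, str(now // WINDOW).encode(), hashlib.sha256).hexdigest()

def window_check(key: bytes, token: str, now: int) -> bool:
    # Anyone who has seen the current value can present it until the window rolls.
    return hmac.compare_digest(token.encode(), window_token(key, now).encode())

class BoundTokens:
    """Hardened model: token bound to a widget id and a nonce, accepted once."""

    def __init__(self, key: bytes):
        self.key = key
        self.used = set()  # a real store would evict nonces once they expire

    def _mac(self, wid: int, nonce: str, expires: int) -> str:
        msg = f"{wid:d}|{nonce}|{expires:d}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, wid: int, now: int) -> str:
        nonce, expires = secrets.token_hex(16), now + WINDOW
        return f"{nonce}.{expires}.{self._mac(wid, nonce, expires)}"

    def check(self, wid: int, token: str, now: int) -> bool:
        try:
            nonce, expires, mac = token.split(".")
            expires = int(expires)
        except ValueError:
            return False  # malformed token
        if not hmac.compare_digest(mac.encode(), self._mac(wid, nonce, expires).encode()):
            return False  # forged, or issued for a different widget id
        if now > expires or nonce in self.used:
            return False  # expired, or a replay of an already accepted token
        self.used.add(nonce)
        return True
```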
