THis may be of interest to this list
Subject: Nokia 7110 Wap Browser Hole
From: Aidan O'Kelly (aidan.okelly@OCEANFREE.NET)
Date: Thu Jul 13 2000 - 07:02:47 CDT
* Next message: Marc: "eEye Digital Security ports nmap to Windows NT"
* Previous message: Pedro Quintanilha: "Re: CASL & IP Options"
* Next in thread: Kristjan Kristinsson: "Re: Nokia 7110 Wap Browser Hole"
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
------------------------------------------------------------------------
Ok, so this may be slighly off topic for this forum, but I though id post it
anyway.
The nokia 7110 wap browser will happily pass form varibles that were entered
once to another site later on (in the same session? Not sure how long it
stores them for)
The problem is that the Nokia recognises forms and passes the values it used
before to text/password boxes etc.
So if you had a login form on one website. that had an input box,
type=test/password and name=userid, once you enter your userid, the nokia
stores it in a varible called $userid. If the user surfs to another site
with a text box of the same name it will put $userid into it.
Its not hard to guess what the varibles from other sites would be called,
and its possible to get the phone to submit the form without ever even
seeing it(using cards and on timer events) so information could be gathered.
afaik it applys to the real phone aswell(I dont have one, but Im 99% sure it
works, the phone defintly fills in the values, cant check if it does it for
different hosts, but the 7110 simulator is pretty accurate.)
Can anyone confirm this? or find out how long it stores the varibles for?
(id imagine till you turn the phone off, or disconnect from the net)
I wonder if the nokia sets any other varibles itself.....
Anyway, sorry if this is off topic.
Aidan
Received on Fri Jul 21 03:12:52 2000