[Full-disclosure] Java Applets can connect to other hosts using HTTP 302 redirection
Kanatoko
anvil at jumperz.net
Wed Oct 3 03:28:40 BST 2007
It seems that the java applet located on the host A is allowed to
connect to the host B using HTTP 302 redirection on the host B.
Is it a normal behaviour?
PoC:
http://www.jumperz.net/exploits/appletTest1.jsp
host A: www.gyosatu.com
host B: www.jumperz.net
In this PoC, the java applet is downloaded from www.gyosatu.com and
connects to www.jumperz.net port 1111.
Use "tcpdump port 1111" to see the packets.
--
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
Full-Disclosure is hosted and sponsored by Secunia.