Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Home  Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). Network Enabled Discount: SecuriTeam5_SANS Promo With Us Subjects of Interest: Vulnerability Management SQL Injection Buffer Overflows Active Network Scanning Fuzzing Fuzzer Report Network Security Network Scanner Pen Testing Security Scanner Scanner Review Fuzzer Review Web Scanner Review	Anonymizer.com Might Reveal Your IP (Double Proxy) 30 Nov. 2001    Summary The Anonymizer.com service sometimes reveals the true IP of the requesting end-user, due to inadequate filtering of incoming HTTP requests.   Credit: The information has been provided by Klaxon. Free Website Security Scan Free Fuzzer Report Vulnerability Assessment Detect web app vulnerabilities University study comparing the top Accurate and automated scanning Get guidance from professionals. 6 commercially availble fuzzers. for networks of any size.    Details Protect your website! Free Trial, Nothing to install. No interruption of visitors. www.beyondsecurity.com/vulnerability-scanner If your ISP utilizes a transparent proxy it will usually attach a "Client-ip: x.x.x.x" field to all outgoing HTTP requests. The problem arises from the fact that Anonymizer will copy this field to its own HTTP request. Actually, it will pass along any field sent with your request, which makes sense for "Accept-..." and similar commands, but is obviously a bad idea for anything containing personal information. Example: ------------------------------------- [~]# nc -l -p 80 GET / HTTP/1.0 Host: foo.example.com Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1 Accept-Charset: iso-8859-1, utf-8;q=0.66, *;q=0.66 Accept-Encoding: identity User-Agent: Mozilla/4.78 (TuringOS; Turing Machine; 0.0) Client-ip: X.X.X.X <------------ BOOM! Via: HTTP/1.1 proxy-02[XXXXXXX] (Traffic-Server/3.5.7 [XXXXXXXX]) ------------------------------------- So beware if you trust this service and there is an unknown proxy somewhere along the wire. Please note this experience was with Anonymizer.com's free service; it is unclear whether the paid service also suffers from this vulnerability. How to check for this vulnerability: Launch netcat on your port 80 (nc -l -p 80), telnet to www.anonymiser.com on port 80 and request your address: [~]$ telnet www.anonymiser.com 80 Trying 168.143.112.10... Connected to www.anonymiser.com. Escape character is '^]'. GET http://your.ip.goes.here HTTP/1.0 Foo-bar: it hurts  Netcat should spit this: [~]# nc -l -p 80 GET / HTTP/1.0 Host: your.ip.goes.here Foo-bar: it hurts Connection: Keep-Alive  If Foo-bar is there, your Client-ip can also be there. Solution: This problem was fixed by the vendor. The current version of the service is no longer vulnerable.  Comments: blog comments powered by Disqus	Related Articles Wireshark 2.0.10 offsets Remote Code Execution Vulnerability Veritas Netbackup Appliance 3.0 permissions Remote Code Execution Vulnerability Tcpdump 4.8.1 CALM Overflow Vulnerability Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability Qbittorrent 3.3.10 WebUI Cross Site Scripting Vulnerability Potrace 1.12 crafted image BMP Overflow Vulnerability Oracle Solaris 11.3 update insert delete Remote Code Execution Vulnerability Oracle Primavera P6 Enterprise Project Portfolio Management 8.2 exploitable Denial Of Service Vulnerability Oracle Peoplesoft Enterprise Peopletools 8.54 Successful attacks Remote Code Execution Vulnerability Oracle Partner Management 12.1.1 insert access Remote Code Execution Vulnerability Oracle One-to-one Fulfillment 12.1.1 Remote Code Execution Vulnerability Oracle Mysql Cluster 7.2.19 unauthorized ability Denial Of Service Vulnerability Oracle Marketing 12.2.4 Base Remote Code Execution Vulnerability Oracle JDK 1.7 web service Remote Code Execution Vulnerability Oracle Issupport 12.1.2 critical complete Remote Code Execution Vulnerability Oracle Flexcube Universal Banking 12.2.0 subset Remote Code Execution Vulnerability Oracle Advanced Outbound Telephony 12.1.2 exploitable Remote Code Execution Vulnerability Nagvis 1.9 browser Execute Code Cross Site Scripting Vulnerability Mybb application Execute Code Sql Injection Vulnerability Linux Kernel 3.18 bootloader Execute Code Bypass a restriction or similar Obtain Information Vulnerability  Featured Articles Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability Cisco IOS 15.2(2)e3 Denial Of Service Obtain Information Vulnerability Oracle Knowledge Management 12.1.1 critical data Remote Code Execution Vulnerability Siemens Sinumerik Integrate Operate Client modify Obtain Information Vulnerability Trend Micro Smart Protection Server 2.6 commands Execute Code Vulnerability Google Android 7.1.0 Mediaserver Execute Code Overflow Memory corruption Vulnerability Cisco Netflow Generation Appliance 1.0(2) Cross Site Scripting Vulnerability Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Vulnerability Google Android 6.0.1 context Execute Code Overflow Memory corruption Vulnerability Cisco Unified Communications Manager 11.5(1.12000.1) Cross Site Scripting Bypass a restriction or similar Vulnerability Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Memory corruption Vulnerability Oracle Marketing 12.2.6 Base Score Remote Code Execution Vulnerability Google Android 7 context Execute Code Overflow Memory corruption Vulnerability Cisco Webex Meeting Center Wbs28 Base Remote Code Execution Vulnerability Adobe Acrobat heap Execute Code Overflow Vulnerability Oracle Istore 12.1.1 critical data Remote Code Execution Vulnerability Google Android 7 Mediaserver Execute Code Overflow Memory corruption Vulnerability Cisco Netflow Generation Appliance Software 1.0(2) unresponsive Denial Of Service Vulnerability Trend Micro Smart Protection Server 2.5 attackers Directory traversal Vulnerability Cisco Email Security Appliance 9.7.1-hp2-207 Bypass a restriction or similar Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®