Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 16-03-2008, 20:12   #1254
Florence
cf.mega poster
 
Florence's Avatar
 
Join Date: Jun 2003
Services: The wonders of Sky TV BT line and Aquiss.net ADSL cable dies on 5th RIP VM.
Posts: 4,013
Florence has disabled reputation
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Yet another phorm exploit as found by Mel on ispreview.

http://www.toobadcs.co.uk/phorm/Phor...in_exploit.htm

Quote:
Possible trivial Phorm opt-in "Exploit" discovered
I was doing a tiny bit of research on Phorm last night and it occurred to me that as the Opt-out is cookie based, it should be possible to opt-in an unwilling Phorm ISP customer using cross site request forgery (csrf).

All that's required is an image link which could be hidden on a webpage or in a forum post or blog etc.

Don't worry, no opt-in images here, but you can download my test page from rapidshare.

Download-Link #1: http://rapidshare.com/files/10001349...n_exploit.html

You can check your webwise opt-in/opt-out status here http://webwise.bt.com/webwise/
Sorry if it has already been found..
__________________
I'm enjoying Aquiss. Are you? Now happily surfing the internet phorm phree long may my surfing be phree of spyware.
nice one Good luck all.no need to hang around no longer cable customer
Florence is offline