‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, December 16, 2021 6:59 PM, professor rat <pro2rat@yahoo.com.au> wrote:
https://www.lawfareblog.com/whats-deal-log4shell-security-nightmare
Java bug scaring the Bejesus out of a lot of folks
leveraging LDAP for lulz, it's pretty funny :P

---

long long ago, someone leveraged webdav for Tor exploit (map your log, hidden service, etc. to webdav remote :)

have to love these WTF vuln chains :P~

best regards,

---

https://archives.seul.org/or/announce/Sep-2007/msg00000.html

On Thu, Aug 02, 2007 at 06:19:18PM -0400, Roger Dingledine wrote:
Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote attacker in certain situations to rewrite the user's torrc configuration file. This can completely compromise anonymity of users in most configurations, including those running the Vidalia bundles, TorK, etc. Or worse.
Here are the further details that we promised:

In a nutshell, a malicious website or Tor exit node can give the Tor user a page that includes a POST element directed to Tor's control port (localhost:9051). Tor binds its control port only to localhost to avoid letting untrusted people send it commands, but the attacker skips past this protection by making the browser do the connection. And the user doesn't even have to click on anything if she's got javascript enabled.

This particular attack worked because Tor's control protocol gave an error message on unrecognized commands but didn't hang up. So all the http headers from the POST were unrecognized commands, and eventually we got to the payload -- which contains recognized commands -- and it went bad from there.

[ EDITOR'S NOTE: the bad from there was mapping your local service ports to an onion, storing that onion key and hostname on attacker webdav server, and then joining the rogue Tor network with your private internal network now mapped to attacker address space... :]
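Added example, not part of the original message or of Tor's code: a toy line-oriented control port fed a constructed browser POST, showing why answering unrecognized lines with an error and reading on lets the body through, while hanging up on the first unrecognized line does not. The command names, reply strings and `handle_connection` are hypothetical.

```python
# Toy control protocol. Command names and reply strings are hypothetical,
# chosen for illustration; they are not Tor's control-port commands.
KNOWN = {"AUTH", "SETOPTION", "QUIT"}

# Constructed sample: the bytes a browser sends when a page POSTs to the port.
HTTP_POST = (
    "POST / HTTP/1.1\r\n"
    "Host: localhost:9051\r\n"
    "Content-Type: text/plain\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "SETOPTION logfile=remote\r\n"
)


def handle_connection(data, hang_up_on_unknown):
    """Process one connection's bytes.

    Returns (replies, applied): the replies sent to the peer and the
    commands that were actually executed.
    """
    replies, applied = [], []
    for line in data.split("\r\n"):
        if not line:
            continue  # blank line, e.g. the HTTP header/body separator
        verb = line.split(" ", 1)[0].upper()
        if verb not in KNOWN:
            replies.append("510 Unrecognized command")
            if hang_up_on_unknown:
                # Hardened behaviour: the peer is not speaking our protocol,
                # so drop the connection before any later line is read.
                replies.append("<connection closed>")
                break
            continue  # Lenient behaviour: report the error and keep reading.
        if verb == "QUIT":
            break
        applied.append(line)
        replies.append("250 OK")
    return replies, applied


if __name__ == "__main__":
    for strict in (False, True):
        replies, applied = handle_connection(HTTP_POST, strict)
        print("hang up on unknown:", strict, "| applied:", applied)
```
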