Spoofing Technique

[+] Category  : Spoofing   
[+] Category  : Spoofing Technique
[+] Author   : mc2_s3lector
[+] Contact  :  www.yogyacarderlink.web.id
[+] date  : 4-2-10
[+] biGthank to  : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all*.indonesian like a coding,
[+] http://www.exploit-db.com/papers/11371


src=”http://server/file.html”>)

(http://server/page?frame_src=http://examp
le/file.html)

replace
“frame_src” parameter value with
“frame_src=http://you.example/spoof.html”

user expected domain   example.com--->foregion data you.example.com

links can be sent to a user via email,messages, left on bulletin board post,
or forced upon users by Xss attacker. If you gets a user to visit a web
page designated by their malicious address, the user will believe he is
view authentication from address when he is not. Users will
implicitly trust the spoofed since the browser url bar
displays http://example, when in fact the underlying frame htm
is referencing http://you.example

exploits attack the trust relationship established between the
user& the web site.  The technique has been used to create fake
web pages including defacements,login acces forms, false press releases,etc

sampling:
Creating a spoofed press release. Lets say a web site use created HTML frames 
for their press release web pages.
A user would visit a link such as


(http://example/pr?pg=http://example/pl/03xxx.html). The resulting web page HTML would be:

code:




SRC=”http://example/pr/03xxx.html>




“pl” web apps in samplign creates HTML with a static menu&dynamic generated frame src.
“pl_content” frame pulls its source from the URL parameter value
of “pg” to display the requested press release content. But what if an
you(attacker) altered the normal URL to
http://foo.example/pr?pg=http://attacker.example/sp
oofed_press_release.html? Without properly sanity checking
the “pg” value, the resulting HTML would be


Snippet code:



http://you.example/spoofed_press_release.html”>



end user you.example.com