Cached Page Email Exploit: A Case Study
A case study
In Australia
Copyright (c) David Teisseire 2005-2008
The Approach
My next move was to “google” the site with the 'link:' option
to display sites that had links to either the parent organisation
or the site under review. In this instance both sites' links were
evaluated. A manageable number of links were identified for
both sites.
The second issue revolved around the actual web pages for the
site and their availability for deep linking. I could try guessing
the HTML page name that contained the registration form, but
the thought of looking at page after page of “page not found”
404 errors seemed less and less appealing the longer I thought
about it.
figure 2
I was then able to view any page from those returned by the
Wayback Machine. Of interest were those pages that had an *
appended after the spidered date. These indicated when the
site was updated. The exercise then became one of viewing
the copies of the web page and finding one that still had the
email creation facility available.
I was able to load the imaged page from the Wayback Machine
site, then, following the email registration link contained on
that imaged page, proceed to secure a valid email account
specifically associated with the briefing organisation. In this
way the brief was proved, somewhat surprisingly, in the
affirmative.
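
From the site owner's side, the gap described above can be audited by comparing an archived copy of a page with the current one and flagging any target that is no longer linked but is still served. The following is an added example, not part of the original paper; the example.org URLs, page contents and status table are constructed, and `status_of` is a hypothetical callable standing in for a request against your own server.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LinkCollector(HTMLParser):
    """Collect the paths of link and form targets found in one HTML page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "form": "action"}.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.targets.add(urlparse(urljoin(self.base_url, value)).path)

def page_targets(html, base_url):
    collector = LinkCollector(base_url)
    collector.feed(html)
    return collector.targets

def orphaned_live_paths(archived_html, current_html, base_url, status_of):
    """Paths linked in the archived copy, not linked today, yet still served."""
    retired = page_targets(archived_html, base_url) - page_targets(current_html, base_url)
    return sorted(p for p in retired if status_of(p) == 200)

# Constructed sample data: an old copy of a home page and the current one.
BASE = "https://www.example.org/"
ARCHIVED = """<html><body>
<a href="/about.html">About</a>
<a href="/members/register.html">Get a member email address</a>
<a href="/news/2004.html">News</a>
</body></html>"""
CURRENT = """<html><body>
<a href="/about.html">About</a>
<a href="/contact.html">Contact</a>
</body></html>"""
# Constructed stand-in for what the live server answers for each path.
LIVE_STATUS = {"/about.html": 200, "/contact.html": 200,
               "/members/register.html": 200, "/news/2004.html": 404}

def constructed_status(path):
    return LIVE_STATUS.get(path, 404)

if __name__ == "__main__":
    for path in orphaned_live_paths(ARCHIVED, CURRENT, BASE, constructed_status):
        print("unlinked but still served:", path)
```

Any path this reports is a page that was withdrawn from navigation without being withdrawn from the server, which is the condition the brief turned on.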
Potential exploits
The matter then hinges on the issue of the pathway that the
email services were obtained from, that is, via a currently
unpublicised link in the target web site. A further issue arises,