Firefox bookmarks extended application Pocket: vulnerability mining is not that difficult

Source: Internet
Author: User


The developers of the Pocket application recently fixed several data leakage vulnerabilities. Attackers could obtain web service details, internal IP addresses, and other sensitive information from the server.

Introduction to Pocket

Pocket, formerly known as Read it Later, is an online bookmarking application that allows users to save and manage links to good articles they have seen on the Internet.

Security researcher Clint Ruoho described the application's vulnerabilities in a blog post on Tuesday. He says he investigated Pocket's security in early June, when Firefox developers added it as a common extension.

Several vulnerabilities in detail

Ruoho noticed that Pocket uses an intranet proxy for some functions. By sending a request to Apache on the server, he found that its mod_status would leak some information about Pocket users, including "intranet resources, target IP addresses, request URL parameters and query parameters".

This means that if ExtendedStatus is enabled in Apache, attackers can use GET requests to determine which articles are being read or saved by other users.

Ruoho told reporters on Wednesday:

"On the status page returned by the server, because the Pocket server enables ExtendedStatus, after a request is sent to the server, the server returns the first 60 characters or a complete GET request; there are URL links read or saved by other users in Pocket."

In addition, Ruoho found that he could obtain metadata from the Pocket server without authentication. The data resides on Amazon's cloud hosting service (EC2).

This vulnerability may allow attackers to obtain web application authentication information and other information about Pocket, such as:

  • Identity authentication credentials
  • Availability region
  • Instance type
  • Network type
  • MAC address
  • Additional storage block details

The most worrying of the vulnerabilities Ruoho detected is that, if a malicious attacker intentionally places a redirection link in Pocket, the attacker may be able to read arbitrary files on the Pocket server as root. In the case presented by Ruoho, the PoC "file://etc/passwd" was used, which is easily replaced with other attack vectors.
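
An added example, not code from Pocket or from Ruoho's write-up: a check that a server-side link fetcher can apply to the first URL and to every redirect hop, so that file: links, the EC2 metadata address (169.254.169.254) and intranet hosts are refused. The function names, the redirects mapping and the resolver parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5

def system_resolver(host):
    """Every address the name resolves to (one bad answer is enough to refuse)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def refusal_reason(url, resolver=system_resolver):
    """Return None if the fetcher may request url, otherwise why not."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:  # rejects file:, gopher:, ftp: ...
        return "scheme %r not allowed" % parts.scheme
    if not host:
        return "missing host"
    try:
        addresses = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:
            return "host does not resolve"
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        if not ip.is_global:  # loopback, RFC 1918, link-local 169.254.0.0/16 ...
            return "%s resolves to non-public address %s" % (host, ip)
    return None

def follow(url, redirects, resolver=system_resolver):
    """Walk a redirect chain, vetting every hop before it would be requested.
    redirects maps URL -> Location header and stands in for live responses."""
    for _ in range(MAX_REDIRECTS + 1):
        reason = refusal_reason(url, resolver)
        if reason:
            return ("blocked", reason)
        if url not in redirects:
            return ("ok", url)
        url = urljoin(url, redirects[url])
    return ("blocked", "too many redirects")
```

In a real fetcher the connection should be made to the address that passed the check, since resolving the name a second time can return a different answer.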

Since Pocket uses an EC2-Classic-type server, users in the US-EAST-1 region can access ports 22 and 80 of Pocket's EC2-Classic server.

Pocket vulnerability postscript

Ruoho said that although these vulnerabilities sound a bit difficult to mine, you only need a browser or the Pocket mobile app for manual testing. No other tools or scripts are required.

However, Mozilla still retains the Pocket feature in Firefox and has fixed the issue accordingly.

Fortunately, although there is no corresponding reward policy, Pocket is a fairly responsible application. Ruoho's review found that the official technicians fixed the vulnerability quite quickly.
