http://ift.tt/1Mcm4Ox The issue in Skype (bit hard to name it a real vulnerability) is actually a simple one - you can send links that seem to direct user to one URL, but actually send to some other. This is quite normal and expected in web pages GOOD_PLACE but it is not expected from Skype, because Skype creates these links itself and by default you can't create your own urls. If you type www.google.com, then client will generate link from that and it will point to www.google.com not to http://xkcd.com/932/ for example. What becomes important, is the fact that the link structure (which is usual HTML tag) is created not by receiving client but by the sender. So my client is not sending a simple www.google.com, but already ready link www.google.com. Usually this was not big issue, because it's bit hard to build your own stuff on Skype protocol and it might not been worth the effort. But now there exists a web client on http://web.skype.com and things are MUCH simpler on that. In web.skype.com client you can easily intercept (or write HTTP requests yourself) the request that sends your message to the server and change the href attribute inside a tag that was created automatically by javascript. This is not only the http/https protocols that can be used. Elar Lang ( http://ift.tt/WEIEeq ) noticed that it's also possible to use other protocols such as file: data: skype: etc.. This also might create new attack vectors.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment