{"id":42,"date":"2014-06-26T07:42:41","date_gmt":"2014-06-26T02:42:41","guid":{"rendered":"http:\/\/www.chmosama.com\/blog\/?p=42"},"modified":"2017-12-24T15:16:14","modified_gmt":"2017-12-24T10:16:14","slug":"dns-misconfiguration-found-in-irccloud","status":"publish","type":"post","link":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/","title":{"rendered":"DNS Misconfiguration Found in IRCCloud"},"content":{"rendered":"<p style=\"text-align: justify;\">Ch. Muhammad Osama, an independent vulnerability researcher, has discovered a DNS misconfiguration in the IRCCloud domain (www.irccloud.com) of the kind described below, which can be exploited by an attacker to conduct Same-Site Scripting attacks: a variation of Cross-Site Scripting (XSS) that abuses DNS and cookie scoping rather than an injection flaw in the web application itself.<\/p>\n<p style=\"text-align: justify;\">Reference :- <a href=\"http:\/\/www.securityfocus.com\/archive\/1\/486606\/30\/0\/threaded\" target=\"_blank\" rel=\"noopener\">http:\/\/www.securityfocus.com\/archive\/1\/486606\/30\/0\/threaded<\/a><\/p>\n<p style=\"text-align: justify;\"><strong>Same-Site Scripting :-<\/strong><\/p>\n<p style=\"text-align: justify;\">The following description is quoted from the referenced SecurityFocus (Bugtraq) advisory.<\/p>\n<p style=\"text-align: justify;\">It&#8217;s a common and sensible practice to install records of the form &#8220;localhost. IN A 127.0.0.1&#8221; into nameserver configurations; bizarrely, however, administrators often mistakenly drop the trailing dot, introducing an interesting variation of Cross-Site Scripting (XSS) I call Same-Site Scripting. The missing dot indicates that the record is not fully qualified, and thus queries of the form &#8220;localhost.example.com&#8221; are resolved. While superficially this may appear to be harmless, it does in fact allow an attacker to cheat the RFC2109 (HTTP State Management Mechanism) same origin restrictions, and therefore hijack state management data.<\/p>\n<p style=\"text-align: justify;\">The result of this minor misconfiguration is that it is impossible to access sites in affected domains securely from multi-user systems. 
The attack is trivial: for example, from a shared UNIX system, an attacker listens on an unprivileged port[0] and then uses a typical XSS attack vector (e.g. &lt;img src=&#8230;&gt; in an html email) to lure a victim into requesting http:\/\/localhost.example.com:1024\/example.gif, logging the request. The request will include the RFC2109 Cookie header, which could then be used to steal credentials or interact with the affected service as if they were the victim.<\/p>\n<p style=\"text-align: justify;\">Another attack vector exists where a victim connects to a site from (or via) a machine that hosts another website; any XSS-like flaw or reflective web service on the hosted website can therefore be exploited in the context of the misconfigured domain. This would also affect users who connect via a shared caching http proxy machine that also hosts an http daemon.<\/p>\n<p style=\"text-align: justify;\"><strong>Proof of Concept :-<\/strong><\/p>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-44\" src=\"http:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud-poc.png\" alt=\"irccloud-poc\" width=\"829\" height=\"728\" srcset=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud-poc.png 829w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud-poc-300x263.png 300w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud-poc-768x674.png 768w\" sizes=\"auto, (max-width: 829px) 100vw, 829px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>Conclusion :-<\/strong><\/p>\n<p style=\"text-align: justify;\">This vulnerability has been confirmed and patched by the IRCCloud Security Team. 
I would like to thank them for their quick response to my report.<\/p>\n<p style=\"text-align: center;\"><strong>Status : Fixed!<\/strong><br \/>\n<strong>Hall of Fame : Yes!<\/strong><br \/>\n<strong>Bounty: No!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in IRCCloud\u00a0website www.irccloud.com, which can be exploited by an attacker to conduct Same-Site Scripting\u00a0attacks. Reference :-\u00a0http:\/\/www.securityfocus.com\/archive\/1\/486606\/30\/0\/threaded Same-Site Scripting\u00a0:- It&#8217;s a common and sensible practice to install records of the form\u00a0&#8220;localhost. IN A 127.0.0.1&#8221; into nameserver configurations, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":43,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[18,19,6,20,8],"class_list":["post-42","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-poc","tag-dns-misconfiguration","tag-irccloud","tag-poc","tag-ssc","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"og:description\" content=\"Ch. 
Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in IRCCloud\u00a0website www.irccloud.com, which can be exploited by an attacker to conduct Same-Site Scripting\u00a0attacks. Reference :-\u00a0http:\/\/www.securityfocus.com\/archive\/1\/486606\/30\/0\/threaded Same-Site Scripting\u00a0:- It&#8217;s a common and sensible practice to install records of the form\u00a0&#8220;localhost. IN A 127.0.0.1&#8221; into nameserver configurations, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-26T02:42:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-12-24T10:16:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png\" \/>\n\t<meta property=\"og:image:width\" content=\"705\" \/>\n\t<meta property=\"og:image:height\" content=\"344\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Choudhary Muhammad Osama\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChMuhammadOsama\" \/>\n<meta name=\"twitter:site\" content=\"@ChMuhammad\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Choudhary Muhammad Osama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/\",\"url\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/\",\"name\":\"DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama\",\"isPartOf\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png\",\"datePublished\":\"2014-06-26T02:42:41+00:00\",\"dateModified\":\"2017-12-24T10:16:14+00:00\",\"author\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage\",\"url\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png\",\"contentUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png\",\"width\":705,\"height\":344,\"caption\":\"irccloud\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ch
mosama.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DNS Misconfiguration Found in IRCCloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\",\"url\":\"https:\/\/www.chmosama.com\/blog\/\",\"name\":\"Blog - Choudhary Muhammad Osama\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\",\"name\":\"Choudhary Muhammad Osama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"caption\":\"Choudhary Muhammad Osama\"},\"description\":\"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.\",\"sameAs\":[\"https:\/\/www.chmosama.com\",\"https:\/\/www.facebook.com\/chmosama\",\"https:\/\/x.com\/ChMuhammadOsama\"],\"url\":\"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/","og_locale":"en_US","og_type":"article","og_title":"DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama","og_description":"Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in IRCCloud\u00a0website www.irccloud.com, which can be exploited by an attacker to conduct Same-Site Scripting\u00a0attacks. Reference :-\u00a0http:\/\/www.securityfocus.com\/archive\/1\/486606\/30\/0\/threaded Same-Site Scripting\u00a0:- It&#8217;s a common and sensible practice to install records of the form\u00a0&#8220;localhost. IN A 127.0.0.1&#8221; into nameserver configurations, [&hellip;]","og_url":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/","og_site_name":"Blog - Choudhary Muhammad Osama","article_publisher":"https:\/\/www.facebook.com\/chmosama","article_author":"https:\/\/www.facebook.com\/chmosama","article_published_time":"2014-06-26T02:42:41+00:00","article_modified_time":"2017-12-24T10:16:14+00:00","og_image":[{"width":705,"height":344,"url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png","type":"image\/png"}],"author":"Choudhary Muhammad Osama","twitter_card":"summary_large_image","twitter_creator":"@ChMuhammadOsama","twitter_site":"@ChMuhammad","twitter_misc":{"Written by":"Choudhary Muhammad Osama","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/","url":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/","name":"DNS Misconfiguration Found in IRCCloud - Blog - Choudhary Muhammad Osama","isPartOf":{"@id":"https:\/\/www.chmosama.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage"},"image":{"@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage"},"thumbnailUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png","datePublished":"2014-06-26T02:42:41+00:00","dateModified":"2017-12-24T10:16:14+00:00","author":{"@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7"},"breadcrumb":{"@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#primaryimage","url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png","contentUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/irccloud.png","width":705,"height":344,"caption":"irccloud"},{"@type":"BreadcrumbList","@id":"https:\/\/www.chmosama.com\/blog\/dns-misconfiguration-found-in-irccloud\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.chmosama.com\/blog\/"},{"@type":"ListItem","position":2,"name":"DNS Misconfiguration Found in IRCCloud"}]},{"@type":"WebSite","@id":"https:\/\/www.chmosama.com\/blog\/#website","url":"https:\/\/www.chmosama.com\/blog\/","name":"Blog - 
Choudhary Muhammad Osama","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7","name":"Choudhary Muhammad Osama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","caption":"Choudhary Muhammad Osama"},"description":"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and 
networks.","sameAs":["https:\/\/www.chmosama.com","https:\/\/www.facebook.com\/chmosama","https:\/\/x.com\/ChMuhammadOsama"],"url":"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":2,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions"}],"predecessor-version":[{"id":199,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions\/199"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media\/43"}],"wp:attachment":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media?parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/categories?post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/tags?post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
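The post above quotes the Same-Site Scripting advisory but leaves the reader without a way to check a zone for the missing trailing dot or to see why the victim's cookie ends up in the attacker's log. The script below is an added example written for this page; it is not code from the original post, from IRCCloud, or from the advisory author. It does three things: lints a zone fragment for a relative `localhost` record, resolves `localhost.<domain>` and reports whether the answer is a loopback address, and uses Python's own cookie jar to show which cookies a client attaches to the advisory's `http://localhost.example.com:1024/example.gif` request. The zone `example.com`, the record values and the cookie name `session` are constructed for the example; port 1024 is the advisory's. The live resolver call uses the stock `socket.getaddrinfo`, and the resolver is injectable so the check can run offline.

```python
"""Same-Site Scripting checks (added example, not code from the original post).

1. zone-file lint for a relative "localhost" record (the missing trailing dot),
2. resolver check: does localhost.<domain> answer with a loopback address,
3. cookie-scoping demo: which cookies reach http://localhost.<domain>:1024/.
Zone "example.com", the record values and the cookie "session" are constructed;
port 1024 is the one used in the advisory.
"""
import http.cookiejar
import ipaddress
import socket
import urllib.request

# Constructed zone fragments.  In the first, "localhost" has no trailing dot,
# so it is relative to $ORIGIN and becomes localhost.example.com; in the
# second the name is absolute and only "localhost." itself resolves.
VULNERABLE_ZONE = """\
$ORIGIN example.com.
@           IN  A     203.0.113.10
www         IN  A     203.0.113.10
localhost   IN  A     127.0.0.1      ; missing dot: this is the bug
"""
FIXED_ZONE = """\
$ORIGIN example.com.
@           IN  A     203.0.113.10
www         IN  A     203.0.113.10
localhost.  IN  A     127.0.0.1      ; absolute name, harmless
"""


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def unqualified_localhost_records(zone_text):
    """Return zone lines whose owner is the relative name "localhost"
    (no trailing dot) and whose A/AAAA rdata is a loopback address."""
    hits = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments
        if not line or line.startswith("$"):         # blank line or directive
            continue
        tokens = line.split()
        if tokens[0].lower() != "localhost":         # "localhost." is absolute
            continue
        if any(t in ("A", "AAAA") for t in tokens[1:-1]) and _is_loopback(tokens[-1]):
            hits.append(line)
    return hits


def _system_resolve(name):
    """Resolve with the stock resolver; NXDOMAIN/SERVFAIL yield no addresses."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def same_site_scripting_exposure(domain, resolve=_system_resolve):
    """Loopback addresses that localhost.<domain> resolves to (an empty list
    means the zone is not affected).  `resolve` is injectable so the check
    can also run offline against a fake resolver."""
    name = "localhost." + domain.rstrip(".")
    return [a for a in resolve(name) if _is_loopback(a)]


def cookie_sent_to_localhost_host(cookie_domain, domain_specified, site="example.com"):
    """Store one cookie and return the Cookie header a cookiejar-based client
    would attach to http://localhost.<site>:1024/example.gif, or None."""
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(http.cookiejar.Cookie(
        version=0, name="session", value="s3cr3t", port=None, port_specified=False,
        domain=cookie_domain, domain_specified=domain_specified,
        domain_initial_dot=cookie_domain.startswith("."),
        path="/", path_specified=True, secure=False, expires=None, discard=True,
        comment=None, comment_url=None, rest={}))
    req = urllib.request.Request("http://localhost.%s:1024/example.gif" % site)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


if __name__ == "__main__":
    print("vulnerable zone:", unqualified_localhost_records(VULNERABLE_ZONE))
    print("fixed zone:     ", unqualified_localhost_records(FIXED_ZONE))
    fake = lambda name: ["127.0.0.1"] if name == "localhost.example.com" else []
    print("offline check:  ", same_site_scripting_exposure("example.com", fake))
    # Live check against a real zone: same_site_scripting_exposure("yourdomain.tld")
    print("Domain=.example.com cookie ->", cookie_sent_to_localhost_host(".example.com", True))
    print("host-only www cookie       ->", cookie_sent_to_localhost_host("www.example.com", False))
```

The cookie jar stands in for a browser: under RFC 6265 a cookie carrying a `Domain` attribute is likewise sent to every subdomain, including `localhost.example.com`, while a host-only cookie set by `www.example.com` is not, so the demo returns a header for the first and `None` for the second. From a shell the resolver check is simply `dig +short localhost.<domain>`; any loopback answer means the zone has the bug. The DNS fix is the trailing dot (or dropping the record altogether); on the application side, scoping session cookies to the host instead of the parent domain keeps one such record from exposing every service under it.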