Then the researcher worked trick the browser into thinking that a script was still communicating with the original address, but is instead now connecting to an IP address on the local network.Ī DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost. SOP was implemented to prevent one website to steal data from another, the expert pointed out that it focuses on the domain name, rather than the IP address. The fix is not available for versions 2 or 3, for this reason, users urge to upgrade to the latest version.Ĭano created a PoC for this vulnerability leveraging the DNS Rebinding in order to bypass the security measure Same Origin Policy (SOP). In the case of BlueStacks, it was vulnerabile to the DNS Rebinding attack because it exposed an IPC interface on 127.0.0.1 without any authentication. “ An attacker can use DNS Rebinding to gain access to the BlueStacks App Player IPC mechanism via a malicious web page,” reads the security advisory published by BlueStacks. “From there, various exposed IPC functions can be abused.” BlueStacks addressed the flaw with the release 4.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |