/w/index.php
Alert group: BREACH attack
Severity Medium
Description
This web application is potentially vulnerable to the BREACH attack.
An attacker with the ability to:
Inject partial chosen plaintext into a victim's requests
Measure the size of encrypted traffic
can leverage information leaked by compression to recover targeted parts of the plaintext.
BREACH (Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) is a
category of vulnerabilities and not a specific instance affecting a specific piece of software. To be
vulnerable, a web application must:
Be served from a server that uses HTTP-level compression
Reflect user input in HTTP response bodies
Reflect a secret (such as a CSRF token) in HTTP response bodies
Recommendations
The mitigations are ordered by effectiveness (not by their practicality - as this may differ from one
application to another).
Disabling HTTP compression
Separating secrets from user input
Randomizing secrets per request
Masking secrets (effectively randomizing by XORing with a random secret per request)
Protecting vulnerable pages with CSRF protection
Length hiding (by adding a random number of bytes to the responses)
Rate-limiting the requests
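Added example (Python), not code from the scanner, from MediaWiki or from this task: it models the attack described above in miniature and then applies the "masking secrets" recommendation to the same page. The page template, the token value, the reflected context string, the TLS overhead constant and every function name are constructed for the demo. Compression is forced to fixed Huffman coding so that each correct guess shortens the output by exactly one byte; against a real server's dynamic Huffman trees the sizes jitter by a byte or so, which is what the BREACH paper's "Two Tries" guess-swapping method exists to cancel. Running the block recovers the constructed token from the unmasked page and fails against the masked one.

```python
import secrets
import zlib

# Everything here is a constructed model of the scanner's finding, not code
# from the scanner, MediaWiki or wikicod.ir: the page template, TOKEN, the
# TLS overhead constant and the function names are assumptions for the demo.
SECRET_FIELD = "wpCreateaccountToken"
TOKEN = "3f9a0c7e1b2d4a6f"      # constructed 16-hex-digit CSRF token
HEX = "0123456789abcdef"
TLS_OVERHEAD = 5 + 16           # assumed: record header + AEAD tag, constant per record

# Fixed Huffman coding makes the oracle exact (one correct guess = exactly one
# byte less). Real servers use dynamic Huffman trees, whose small size jitter
# the BREACH paper cancels with its "Two Tries" guess-swapping method.
STRATEGY = getattr(zlib, "Z_FIXED", zlib.Z_DEFAULT_STRATEGY)


def render_page(reflected: str, token_value: str) -> bytes:
    """Two of the three conditions in one body: reflected input and a secret."""
    return (
        f"<html><body><p>Return to: {reflected}</p>"
        f"<form method='post'><input type='hidden' name='{SECRET_FIELD}' "
        f"value='{token_value}'></form></body></html>"
    ).encode()


def ciphertext_length(body: bytes) -> int:
    """Third condition plus what the network observer measures: deflated length
    plus constant TLS framing (AEAD ciphers do not hide the plaintext length)."""
    z = zlib.compressobj(6, zlib.DEFLATED, 15, 8, STRATEGY)
    return len(z.compress(body) + z.flush()) + TLS_OVERHEAD


def breach_recover(oracle, context: str, alphabet: str, length: int) -> str:
    """Byte-at-a-time recovery: the guess that extends the LZ77 match into the
    secret by one more character removes one literal from the deflate stream."""
    known = ""
    for _ in range(length):
        sizes = {c: oracle(context + known + c) for c in alphabet}
        smallest = min(sizes.values())
        winners = [c for c, n in sizes.items() if n == smallest]
        known += winners[0]      # a noisy oracle needs tie-breaking retries here
    return known


def mask_token(token: bytes) -> bytes:
    """'Masking secrets': emit mask || (mask XOR token) with a fresh mask per response."""
    mask = secrets.token_bytes(len(token))
    return mask + bytes(m ^ t for m, t in zip(mask, token))


def unmask_token(blob: bytes) -> bytes:
    """Server side: XOR the two halves back together before validating the token."""
    half = len(blob) // 2
    return bytes(m ^ x for m, x in zip(blob[:half], blob[half:]))


# The attacker reflects the bytes that sit right before the secret in the page,
# so the LZ77 match runs straight from the template into the token value.
CONTEXT = "hidden' name='" + SECRET_FIELD + "' value='"


def attack_unmasked() -> str:
    """Static token reflected next to attacker input: the token is recovered."""
    def oracle(reflected):
        return ciphertext_length(render_page(reflected, TOKEN))
    return breach_recover(oracle, CONTEXT, HEX, len(TOKEN))


def attack_masked() -> str:
    """Same attack against a per-response masked token: no guess ever matches."""
    def oracle(reflected):
        return ciphertext_length(render_page(reflected, mask_token(TOKEN.encode()).hex()))
    return breach_recover(oracle, CONTEXT, HEX, len(TOKEN))


if __name__ == "__main__":
    print("unmasked page, recovered:", attack_unmasked())
    print("masked page, recovered:  ", attack_masked())
```

The masked variant doubles the size of the token field but costs nothing else: the server still validates the same underlying token after XORing the halves, and because every response carries a different byte string, the reflected guess never extends a match into the secret. Length hiding and rate limiting, by contrast, only raise the number of requests the attacker needs, which is why the list above ranks them last.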
Alert variants
Details
This alert was issued because the following conditions were met:
The page content is served via HTTPS
The server is using HTTP-level compression
URL encoded GET input returnto was reflected into the HTTP response body.
HTTP response body contains a secret named wpCreateaccountToken
GET /w/index.php?returnto=%D9%88%DB%8C%DA%98%D9%87:%D8%AC%D8%B3%D8%AA%D8%AC%D9%889585451&returntoquery=go%253D%25D8%25A8%25D8%25B1%25D9%2588%2526search%253Dthe&title=%D9%88%DB%8C%DA%98%D9%87:%D8%A7%DB%8C%D8%AC%D8%A7%D8%AF_%D8%AD%D8%B3%D8%A7%D8%A8_%DA%A9%D8%A7%D8%B1%D8%A8%D8%B1%DB%8C HTTP/1.1
Referer: https://wikicod.ir/w/index.php
Connection: keep-alive
Cookie: vector-nav-p-HTML_.D9.88_CSS=true;vector-nav-p-.D8.AC.D8.A7.D9.88.D8.A7_.D8.A7.D8.B3.DA.A9.D8.B1.DB.8C.D9.BE.D8.AA=false;vector-nav-p-Server_Side=false;vector-nav-p-Programming=false;vector-nav-p-tb=false;wikicod_coddb_wikicod__session=rqe73jqgdkt7g5f4svo838m7lv53h58t;mf_useformat=true;stopMobileRedirect=true
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
This is unrelated to any Wikimedia production website or project and is instead an issue with the website against which this scan was run: wikicod.ir. Resolving as invalid.