web application security lab

Anonymous Browsing Using Google Cache and Translation

A common misconception I’ve noticed is that using Google cache protects you from being “seen” by the site you are viewing in cache. The same idea, applied to Google’s translation service, is discussed in the book Google Hacking for Penetration Testers. The problem is that both Google cache and Google translation only cache and translate the base page.

So a simple way to detect these tools being used against you is to include images using full paths versus relative paths, and to use remote style sheets and JavaScript. When a user views the page through these tools, their browser fetches the remote JavaScript/image/stylesheet and the request shows up in your logs. There is a way around this type of detection, though.
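The log check described above, as an added example that is not part of the original post: it flags clients that requested full-path assets without ever requesting the base page and without a same-site Referer. The site host, asset extensions, log format (Combined Log Format) and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

SITE_HOST = "www.example.com"  # assumption: the site whose logs are analysed
ASSET_EXT = (".js", ".css", ".png", ".gif", ".jpg")

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample log (documentation IP ranges, placeholder referer URL).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2006:13:55:36 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2006:13:55:37 -0700] "GET /static/site.js HTTP/1.1" 200 900 "http://www.example.com/" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2006:14:02:11 -0700] "GET /static/site.js?v=2 HTTP/1.1" 200 900 "http://192.0.2.50/search?q=cache:www.example.com/" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2006:14:02:11 -0700] "GET /img/logo.png HTTP/1.1" 200 2048 "http://192.0.2.50/search?q=cache:www.example.com/" "Mozilla/5.0"
203.0.113.20 - - [10/Oct/2006:14:30:00 -0700] "GET /static/site.css HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

def find_indirect_viewers(log_text, site_host=SITE_HOST):
    """Map client IP -> referer hosts for asset-only visitors.

    A client is flagged when it fetched at least one asset, never fetched
    a non-asset page in this log, and the asset's Referer is not our site.
    """
    page_fetchers = set()
    asset_hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlparse(m["path"]).path  # drop any query string
        if path.lower().endswith(ASSET_EXT):
            asset_hits.append((m["ip"], urlparse(m["referer"]).hostname))
        else:
            page_fetchers.add(m["ip"])
    flagged = {}
    for ip, ref_host in asset_hits:
        if ip not in page_fetchers and ref_host != site_host:
            # A stripped Referer ("-") parses to None; still worth recording.
            flagged.setdefault(ip, set()).add(ref_host or "(no referer)")
    return {ip: sorted(hosts) for ip, hosts in flagged.items()}

if __name__ == "__main__":
    for ip, hosts in find_indirect_viewers(SAMPLE_LOG).items():
        print(ip, "asset-only, referer host(s):", ", ".join(hosts))
```

A visitor whose base-page request falls outside the log window being analysed would also be flagged, so the check works best over a window long enough to include the page fetch.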

The easiest solution is to use a text-based browser. It’s super funky, if you ask me, compared to a tool like anonymizer or an anonymizing proxy, because you are limited to the text on the page, but it does work. The other thing, which has XSS implications, is that Google Cache, the translation service, and other similar tools are all vulnerable to XSS script injection. This isn’t particularly useful because they reside on IP addresses rather than on the same domain as the website or other tools that you might want to perform attacks against.

The only function at risk of information leakage at the moment is the bookmark link that is visible on the cache page, but that is not particularly useful since it’s just a shorthand link. Session riding is still possible, though, with predictable function names, etc. It’s probably better to just avoid the pages you are concerned about unless you have a browser that can protect you from XSS and CSRF (like Lynx).

/RSnake
