Exploit in SQLWindows - extracting values from hidden fields

forum.gupta.bugreport (2005-2010)
User avatar
Charlie
Canada
Posts: 649
Joined: 07 Mar 2017, 18:52
Location: Fredericton, New Brunswick, Canada

Exploit in SQLWindows - extracting values from hidden fields

Post by Charlie » 25 Apr 2005, 14:25

 Posted by:  Jason Veniot 

G'day

Say some malicious program, running unbeknownst to me on my computer, scans
for password fields in new forms/dialogs. Then say I run my
SQLWindows-compiled app that first pops up a login dialog to connect to our
database.

Here's a snippet of the code necessary for an external application to gain
unauthorized access to a password datafield:

PostMessage( hWnd_Victim, EM_SETPASSWORDCHAR, 0, 0 )
PostMessage( hWnd_Victim, EM_SETSEL, 0, -1 )
PostMessage( hWnd_Victim, WM_COPY, 0, 0 )
PostMessage( hWnd_Victim, EM_SETPASSWORDCHAR, '*', 0 )
PostMessage( hWnd_Victim, EM_SETSEL, 0, 0 )
GrabPassword() ! Function to grab data from clipboard and store it

I think it would be nice if the "hidden" property provided default behaviour
that would prevent this from happening.

At the very least, this security risk, and a solution to it, should be
detailed in the SQLWindows on-line documentation. The following code will
fix the problem for a password field (thanks to Jeff Luther)

Data Field: dfsPassword
Message Actions
On EM_SETPASSWORDCHAR
Return FALSE
On WM_COPY
Return FALSE
On EM_SETSEL
Return FALSE
:

Return to “gupta.bugreport”

Who is online

Users browsing this forum: No registered users and 0 guests