Full Disclosure mailing list archives
Advisory: Redirection Bug In Feeds.MSN
From: Metaeye <contact () metaeye org>
Date: Tue, 28 Nov 2006 13:51:55 +0530
Vendor: MSN Severity: Critical Dated: 20 November 2006 Explanation: The feeds.msn website possesses a typical redirection vulnerability. The attacker can manipulate this vulnerability to leverage third party attacks. The traffic can be redirected to the desired destination of attacker's choice. Website: http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=<url> You can check the redirection http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=www.google.com" Vendor Status: Reported. No Response. Not patched. -- MSG http://www.metaeye.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory: Redirection Bug In Feeds.MSN Metaeye (Nov 28)