Full Disclosure mailing list archives
nVidia.com [Url Redirection flaw]
From: Lorenzo Vogelsang <vogelsang.lorenzo () gmail com>
Date: Wed, 25 Mar 2009 15:21:42 +0100
Yes i've notice that is also vulnerable to Xss.. In fact this link : http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E will succefully popup an "xss" alert message. Moreover i've checked Xssed.com and i saw that a Xss flaw(not url redirection) was already been found by st@rext ( http://www.xssed.com/mirror/25632/ ) in 17/11/2007. Nevertheless i think that nvidia was not aware of any vulnerabilities until the day in which I alerted the admin to the url redirection on nvidia.com (or nvidia is very slow to solve problems, but i don't wanna do thnik so.. :) ). In fact he answer me that a bug report was opened and that his team is working to solve the problem. Despite i've told to nvidia only the "url redirection" flaw i think that, if "url redirection" will be solved all the xss inherently vulnerabilites will be solved too. Regards Lorenzo Vogelsang. ---------- Forwarded message ---------- From: Martin Aberastegue <xyborg () gmail com> Date: Wed, 25 Mar 2009 10:48:24 -0300 Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw] To: Lorenzo Vogelsang <vogelsang.lorenzo () gmail com> Cc: full-disclosure () lists grok org uk Well, we have a XSS too, just put whatever you want on the variable "url" closing first the meta refresh tag, i.e: http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url="><iframe src="http://www.yahoo.com/" with="100%" height=600></iframe><!-- Since nVidia is a trusted site some people could use it to spread malware directly from there. This is just a simple redirection issue and nVidia may have to correct this ASAP, even if they are just "graphics vendors". Regards. --- Martin Aberastegue http://www.martinaberastegue.com/ On Tue, Mar 24, 2009 at 11:13 AM, Lorenzo Vogelsang <vogelsang.lorenzo () gmail com> wrote:
Hi all, i'm new to the list. I'm an italian student who likes security topics in the I.C.T world.. Browsing the nVdia web sites, i have found a very basic Url redirection flaw. Infact when downloading a driver i get Urls like this: http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe and connecting to this another Url http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it will redirects succefully to www.google.it! (or other web site of your choice , or downloadble content..) Enjoy! Lorenzo Vogelsang. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Valdis . Kletnieks (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- <Possible follow-ups>
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] yersinia (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Chris Evans (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 26)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)