Full Disclosure mailing list archives
Re: Google open redirect
From: Michele Orru <antisnatchor () gmail com>
Date: Wed, 07 Dec 2011 20:24:36 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm very courious to know why Google is not taking caring about Open Redirection issues. I know what Chris think about it: http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html Anyway, IMHO I guess it's better and stealthier, from an attacker point of view, to use an open redirection in Google encoding the redirected domain than register goooogle.com and phish his victims with that fake domain. Cheers antisnatchor secure poon wrote:
Problem: Google suffers from an open redirect that can be used to trick users into visiting sites not originating from google.com Example: http://www.google.com/local/add/changeLocale?currentLocation=http://www.bing.com http://www.google.com/local/add/changeLocale?currentLocation=http://www.tubgirl.ca Regards suckure _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJO371zAAoJEBgl8Z+oSxe4klAIAI0wfyCe4UBzQscTxucsXX4g D2mbXwhn39r0mqYii86wlLe0U68rM7qXaFo9Y2ivXq+Q9ol1t3OZ/mjisPKAzYpu 98znH6kjoOKR9Rhbo4/FMGrdxCZaRGw+l0GOyF1J7ZHxz0SpwIKcik9XSbeEcFwk 5oMZQN3nxYkNL7BSeCzlfCQ5KqzmBSI6J7Xnp+bl7F83BBcE9TCgriKt4iSjSwe5 Jbm/rd203r1EbA3YbfT0UCdihHjZVMDm3C9JPlUHZOeNxfpHmqkL2sKr90QF+Pvx TEuNxwDp0pcnVngNW5dIcMNihrwZ6qPLCYw9bbwkTYXaSCBqFAFadOcYF/Oqft0= =huaT -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google open redirect secure poon (Dec 07)
- Re: Google open redirect Michele Orru (Dec 07)
- Re: Google open redirect Nick FitzGerald (Dec 07)
- Re: Google open redirect Michal Zalewski (Dec 07)
- Re: Google open redirect Luis Santana (Dec 07)
- Re: Google open redirect Michal Zalewski (Dec 07)
- Re: Google open redirect Michal Zalewski (Dec 08)
- Re: Google open redirect Dave (Dec 08)
- Re: Google open redirect Michal Zalewski (Dec 08)
- Re: Google open redirect Michal Zalewski (Dec 07)
- Re: Google open redirect Marsh Ray (Dec 09)
- Re: Google open redirect Michal Zalewski (Dec 09)
- Re: Google open redirect Charles Morris (Dec 12)