Full Disclosure mailing list archives
Re: Google open redirect
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 8 Dec 2011 01:13:02 -0800
For example: did you know that if you click on a link from coredump.cx to microsoft.com and it opens in a new window, then a second or two later, that coredump.cx in the background can change the URL of the microsoft.com window, and point it to evil.com? Heck, coredump.cx can even wait until you navigate further down the microsoft.com website - and detect that event programmatically. That behavior is enshrined within the current design of the same-origin policy, and browser vendors seem hesitant to touch it.
Here's a tiny PoC: http://lcamtuf.coredump.cx/switch/
/mz
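For site owners on the receiving end of the behavior described in the message above, here is an added example that is not part of the original post. It assumes the later `Cross-Origin-Opener-Policy` (COOP) response header, which the post does not mention, and checks whether a response would leave a cross-origin opener holding a usable handle to the window. The function names and sample headers are constructed for illustration.

```javascript
// Added example, not from the original post. Decides whether a document's
// Cross-Origin-Opener-Policy cuts the link to a cross-origin opener window.
const ISOLATING = new Set(["same-origin", "same-origin-allow-popups"]);

// headers: array of [name, value] pairs as received from the server.
function effectiveCoop(headers, isSecureContext) {
  const values = headers
    .filter(([name]) => name.toLowerCase() === "cross-origin-opener-policy")
    .map(([, value]) => value);
  // COOP is ignored on non-secure origins. Repeated headers are combined into
  // a list, which does not parse as a single item, so the default applies.
  if (!isSecureContext || values.length !== 1) return "unsafe-none";
  // Drop parameters such as report-to; the token itself is case-sensitive.
  const token = values[0].split(";")[0].trim();
  return ISOLATING.has(token) ? token : "unsafe-none";
}

// True when a cross-origin page that opened this document can still
// navigate it later through the window reference it kept.
function openerKeepsHandle(headers, isSecureContext) {
  return effectiveCoop(headers, isSecureContext) === "unsafe-none";
}

// Constructed sample responses, labelled by the case they exercise.
const samples = {
  noHeader: [["Content-Type", "text/html"]],
  isolated: [["Cross-Origin-Opener-Policy", 'same-origin; report-to="coop"']],
  reportOnly: [["Cross-Origin-Opener-Policy-Report-Only", "same-origin"]],
  duplicated: [
    ["Cross-Origin-Opener-Policy", "same-origin"],
    ["cross-origin-opener-policy", "same-origin"],
  ],
  wrongCase: [["Cross-Origin-Opener-Policy", "Same-Origin"]],
};

function audit() {
  const report = {};
  for (const [label, headers] of Object.entries(samples)) {
    report[label] = openerKeepsHandle(headers, true);
  }
  return report;
}

console.log(audit());
```

Only the `isolated` sample severs the opener relationship; the report-only header, the duplicated header and the mis-cased token all fall back to the default, where the opener keeps its handle.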