Full Disclosure mailing list archives

Fw: CERT: Vulnerability in web redirectors


From: "http-equiv () excite com" <http-equiv () malware com>
Date: Sat, 22 Mar 2003 19:35:32 -0000



http://shorterlink.com/?7WVJZ7

----- Original Message ----- 

Like this one?:
--------------------
http://srd.yahoo.com/S=2766679:WS1/R=1/K=microsoft+sux/H=0/T=1048357500/F=131cc5f493bf26b0a115b6debc24d362/*http://www.cryptome.org
--------------------
(may be wrapped)

Georgi

Kurt Seifried wrote:
Like hack4life stated this is a pretty well known problem. Solving it isn't
too hard. Legitimate clients will send an HTTP referer, thus for some
unsuspecting user who clicks on a redirect link in an email they will send a
blank referer, or off a website that referer. So simply add some logic in
your script to check the referer, a quick and dirty in php for example (yes,
this code is horrible and ugly, but it's a reasonably clear example):

<HTML>
<HEAD>
<TITLE>You are now leaving example.org</TITLE>
<?php
// A link clicked on example.org arrives with that page as the Referer;
// a link clicked in an e-mail client usually arrives with no Referer at all.
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
// The redirect target is passed as the whole query string (redirect.php?http://...).
$target = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : "";
// Escape both before echoing them into the page so they cannot inject markup.
$safe_target  = htmlspecialchars($target);
$safe_referer = htmlspecialchars($referer);

// Loose check: matches "example.org/" anywhere in the Referer string.
if (preg_match("/example\.org\//i", $referer)) {
  print "<META http-equiv=\"refresh\" content=\"1;URL=" . $safe_target . "\">";
  print "</HEAD>";
  print "<BODY bgcolor=\"#ffffff\">";
  print "<P>[1] Redirecting you to: ";
  print "<A HREF=\"" . $safe_target . "\">" . $safe_target . "</A>, if it doesn't work click on the link.</P>";
  print "<P>" . $safe_referer . "</P>";
} else {
  print "</HEAD>";
  print "<BODY bgcolor=\"#ffffff\">";
  print "<P>Someone has tried to use this site's web redirector in an attempt to make a link appear legitimate.</P>";
}
?>
</BODY>
</HTML>

Obviously this is not bullet proof, anyone who hacks their client to send
fake referers can get around it, but then we aren't trying to block that
kind of person, we're simply trying to prevent widespread abuse by a
spammer/etc.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


-- 
http://www.malware.com
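The referer check Kurt describes, redone as an added Python example (not code from the thread); SITE_HOSTS and the host names used in the comments are assumed values. It compares the Referer's host exactly rather than by substring, as the PHP regex does, and also escapes the target before echoing it:

```python
from html import escape
from urllib.parse import urlparse

# Hosts that legitimately link to the redirector (assumed values for this example).
SITE_HOSTS = {"example.org", "www.example.org"}


def referer_allowed(referer, site_hosts=SITE_HOSTS):
    """True only if the Referer names one of our own hosts.

    A blank or missing Referer (a link clicked from an e-mail client) is
    refused, as the post suggests.  The host is compared exactly rather than
    by substring, so 'http://attacker.test/example.org/' and
    'http://example.org@attacker.test/' do not pass.
    """
    if not referer:
        return False
    parsed = urlparse(referer)
    if parsed.scheme not in ("http", "https"):
        return False
    return (parsed.hostname or "") in site_hosts


def target_allowed(target):
    """Only absolute http(s) URLs may be redirect targets; this rejects
    javascript:, data: and relative paths that a meta refresh would honour."""
    parsed = urlparse(target)
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def handle(referer, target):
    """Decide what the redirector should do; returns (status, body)."""
    if not referer_allowed(referer):
        return "refuse", "Someone has tried to use this site's web redirector."
    if not target_allowed(target):
        return "refuse", "Unsupported redirect target."
    # Escape before embedding in markup so the target cannot break out of the attribute.
    safe = escape(target, quote=True)
    body = ('<meta http-equiv="refresh" content="1;URL=%s">'
            '<p>Redirecting you to <a href="%s">%s</a></p>' % (safe, safe, safe))
    return "redirect", body
```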



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

