Advisory : Redirection Vulnerability In Versigin Weblogs

["Aditya Sood" <ZeroKnock () MetaEye Org>]

Advisory : Redirection Vulnerability In Versigin Weblogs

Expalantion:

The weblogs is a verisign service for currently
updating the blogs and provide requisite information
to the users of specific blog which has been updated.

The weblog can act as a base for redirection attacks
because traffic gets easily redirected from the website.
This ensures weakness in a way if the URL is used by
the third party it still redirects the traffic.No doubt
if the link is clicked from the website it directs to
the required destination but if is filtered fully than
third party wont set the redirection easily.
But thats not a case here.

Example : Get To Google Via Weblogs.com
http://www.weblogs.com/clickthru?url=http://www.google.com

The point is it should redirected to blogs only.

It has already been reported to Verisign.

For detail look up:

http://zeroknock.blogspot.com/2007/01/verisign-weblogs-base-for-third-party.html

Regards
Zeroknock
http://zeroknock.metaeye.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/