Full Disclosure mailing list archives
Advisory : Redirection Vulnerability In Versigin Weblogs
From: "Aditya Sood" <ZeroKnock () MetaEye Org>
Date: Fri, 5 Jan 2007 11:13:03 -0500 (EST)
Advisory : Redirection Vulnerability In Versigin Weblogs Expalantion: The weblogs is a verisign service for currently updating the blogs and provide requisite information to the users of specific blog which has been updated. The weblog can act as a base for redirection attacks because traffic gets easily redirected from the website. This ensures weakness in a way if the URL is used by the third party it still redirects the traffic.No doubt if the link is clicked from the website it directs to the required destination but if is filtered fully than third party wont set the redirection easily. But thats not a case here. Example : Get To Google Via Weblogs.com http://www.weblogs.com/clickthru?url=http://www.google.com The point is it should redirected to blogs only. It has already been reported to Verisign. For detail look up: http://zeroknock.blogspot.com/2007/01/verisign-weblogs-base-for-third-party.html Regards Zeroknock http://zeroknock.metaeye.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory : Redirection Vulnerability In Versigin Weblogs Aditya Sood (Jan 05)