Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NewOrder.box.sk Inherits Severe

From: Aditya K Sood <zeroknock () metaeye org>
Date: Fri, 30 Mar 2007 00:26:04 +0530
bugtraq () cgisecurity net wrote:

Referer checking will not stop open redirects you must create a whitelist. Consider the following

http://site/script?u=http://site/script?u=http://cnn.com

It will hit the script, redirect back to itself set the referer header then continue.

- Robert
http://www.cgisecurity.com/ Application security news and more.
http://www.cgisecurity.com/index.rss [RSS Feed]

  

Hello Aditya,
I see your point there. Hope they get it fixed. Should the patch involve
some referrer checking?

Regards,
-Nikolay Kichukov

----- Original Message ----- 
From: "Aditya K Sood" <zeroknock () metaeye org>
To: "Nikolay Kichukov" <hijacker () oldum net>;
<full-disclosure () lists grok org uk>
Sent: Thursday, March 29, 2007 7:40 PM
Subject: Re: [Full-disclosure] NewOrder.box.sk Inherits Severe
RedirectionVulnerability


    

Nikolay Kichukov wrote:
      

Hello there,
I've read the article, but I still do not see where the severe
        

redirection
    

vulnerability is. Is this not a feature of the neworder.box.sk web site
        

to
    

allow anyone to be redirected to anypage they submit to redirect.php?

Thanks,
-Nikolay Kichukov


----- Original Message ----- 
From: "Aditya K Sood" <zeroknock () metaeye org>
To: <full-disclosure () lists grok org uk>
Sent: Wednesday, March 28, 2007 8:49 PM
Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe
RedirectionVulnerability



        

Hi

Previous Rootkit.com Vulnerability have been patched.
The neworder.box.sk is famous security website.It inherits very
          

specific
    

redirection attacks. The domain forwarding or URL forwarding not only
directly possible through the website but can be called from third
          

party
    

directly.

A very generic analysis have been undertaken based on search engine
specification.Look into the issues at:


          

http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html
    

http://zeroknock.metaeye.org/analysis/neworder_red.xhtml

Regards
Zeroknock
http://zeroknock.metaeye.org/mlabs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


          


        

Hi nikolay

                       Thats where the thinking is bit off side.
Remember there
is lot of difference between redirection occurs from the main website
through generating event and the redirection  that occurs from the third
party.It will be okay to the feature context if the redirection supports
only from the website.

More precisely a search engine check is performed at the top to show
that the page is not subjected as standard page for redirection. If its
a feature than it must not be redirected from the third party.

Thats All.

Regards
Adi

      

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

    



  

Hi
             The robert is quiet clear in its view and its right.
I think there must be some event generation with respect
to redirection handler.This makes the redirection to occur
mainly from the site and not from third party.

Designing a list will be a good solution.

Regards
Adi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: