Full Disclosure mailing list archives
Re: nVidia.com [Url Redirection flaw]
From: Rubén Camarero <rjcamarero () gmail com>
Date: Tue, 24 Mar 2009 14:45:46 -0400
If ATI and nVidia were web content developers, this may be a valid argument, but they are not. They are graphics vendors, hardware and software. Not to mention the fact that this isn't a "serious" issue. RFI is a serious issue, IMHO. On Tue, Mar 24, 2009 at 1:37 PM, <mac.user () mac hush com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been saying for years that ATI is better than nvidia and here is just one more reason! You don't see serious issues like this with ATI's website. On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang <vogelsang.lorenzo () gmail com> wrote:Hi all, i'm new to the list. I'm an italian student who likes security topics in the I.C.T world.. Browsing the nVdia web sites, i have found a very basic Url redirection flaw. Infact when downloading a driver i get Urls like this: http://www.nvidia.com/content/DriverDownload/download_confirmation. asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_not ebook_winxp_64bit_beta.exe and connecting to this another Url http://www.nvidia.com/content/DriverDownload/download_confirmation. asp?kw=&url=http://www.google.it will redirects succefully to www.google.it! (or other web site of your choice , or downloadble content..) Enjoy! Lorenzo Vogelsang.-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9/ kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4s xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7q jOiz888= =2MOh -----END PGP SIGNATURE----- -- Can't pay your bills? Click here to learn about filing for bankruptcy. http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6MFdjI1xth2KPqL4lm3VupTlG/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Rubén Camarero CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Valdis . Kletnieks (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- <Possible follow-ups>
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] yersinia (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Chris Evans (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 26)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- Re: nVidia.com [Url Redirection flaw] ascii (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Eitan Adler (Mar 24)