lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Mar 2007 00:26:04 +0530 From: Aditya K Sood <zeroknock@...aeye.org> To: bugtraq@...security.net, full-disclosure@...ts.grok.org.uk, Nikolay Kichukov <hijacker@...um.net> Subject: Re: NewOrder.box.sk Inherits Severe bugtraq@...security.net wrote: > Referer checking will not stop open redirects you must create a whitelist. Consider the following > > http://site/script?u=http://site/script?u=http://cnn.com > > It will hit the script, redirect back to itself set the referer header then continue. > > - Robert > http://www.cgisecurity.com/ Application security news and more. > http://www.cgisecurity.com/index.rss [RSS Feed] > > >> Hello Aditya, >> I see your point there. Hope they get it fixed. Should the patch involve >> some referrer checking? >> >> Regards, >> -Nikolay Kichukov >> >> ----- Original Message ----- >> From: "Aditya K Sood" <zeroknock@...aeye.org> >> To: "Nikolay Kichukov" <hijacker@...um.net>; >> <full-disclosure@...ts.grok.org.uk> >> Sent: Thursday, March 29, 2007 7:40 PM >> Subject: Re: [Full-disclosure] NewOrder.box.sk Inherits Severe >> RedirectionVulnerability >> >> >> >>> Nikolay Kichukov wrote: >>> >>>> Hello there, >>>> I've read the article, but I still do not see where the severe >>>> >> redirection >> >>>> vulnerability is. Is this not a feature of the neworder.box.sk web site >>>> >> to >> >>>> allow anyone to be redirected to anypage they submit to redirect.php? >>>> >>>> Thanks, >>>> -Nikolay Kichukov >>>> >>>> >>>> ----- Original Message ----- >>>> From: "Aditya K Sood" <zeroknock@...aeye.org> >>>> To: <full-disclosure@...ts.grok.org.uk> >>>> Sent: Wednesday, March 28, 2007 8:49 PM >>>> Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe >>>> RedirectionVulnerability >>>> >>>> >>>> >>>> >>>>> Hi >>>>> >>>>> Previous Rootkit.com Vulnerability have been patched. >>>>> The neworder.box.sk is famous security website.It inherits very >>>>> >> specific >> >>>>> redirection attacks. The domain forwarding or URL forwarding not only >>>>> directly possible through the website but can be called from third >>>>> >> party >> >>>>> directly. >>>>> >>>>> A very generic analysis have been undertaken based on search engine >>>>> specification.Look into the issues at: >>>>> >>>>> >>>>> >> http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html >> >>>>> http://zeroknock.metaeye.org/analysis/neworder_red.xhtml >>>>> >>>>> Regards >>>>> Zeroknock >>>>> http://zeroknock.metaeye.org/mlabs >>>>> >>>>> _______________________________________________ >>>>> Full-Disclosure - We believe in it. >>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>>>> >>>>> >>>> >>>> >>> Hi nikolay >>> >>> Thats where the thinking is bit off side. >>> Remember there >>> is lot of difference between redirection occurs from the main website >>> through generating event and the redirection that occurs from the third >>> party.It will be okay to the feature context if the redirection supports >>> only from the website. >>> >>> More precisely a search engine check is performed at the top to show >>> that the page is not subjected as standard page for redirection. If its >>> a feature than it must not be redirected from the third party. >>> >>> Thats All. >>> >>> Regards >>> Adi >>> >>> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> > > > Hi The robert is quiet clear in its view and its right. I think there must be some event generation with respect to redirection handler.This makes the redirection to occur mainly from the site and not from third party. Designing a list will be a good solution. Regards Adi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists