lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200303221935.h2MJZW919469@web178.megawebservers.com>
From: http-equiv at malware.com (http-equiv@...ite.com)
Subject: Fw: CERT: Vulnerability in web redirectors


http://shorterlink.com/?7WVJZ7

----- Original Message ----- 

Like this one?:
--------------------
http://srd.yahoo.com/S=2766679:WS1/R=1/K=microsoft+sux/H=0/T=104835750
0/F=131cc5f493bf26b0a115b6debc24d362/*http://www.cryptome.org
--------------------
(may be wrapped)

Georgi

Kurt Seifried wrote:
> Like hack4life stated this is a pretty well known problem. Solving 
it isn't
> to hard. Legitimate clients will send an HTTP referer, thus for some
> unsuspecting user who clicks on a redirect link in an email they 
will send a
> blank referer, or off a website that referer. So simply add some 
logic in
> your script to check the referer, a quick and dirty in php for 
example (yes,
> this code is horrible and ugly, but it's a reasonably clear 
example):
> 
> <HTML>
> <HEAD>
> <TITLE>You are now leaving example.org</TITLE>
> <?php
> if (preg_match ("/example\.org\//i", $_SERVER["HTTP_REFERER"] )) {
> 
>   print "<META http-equiv=\"refresh\" content=\"1;URL=";
>   echo $_SERVER["QUERY_STRING"];
>   print "\">";
>   print "</HEAD>";
>   print "<BODY bgcolor=\"#ffffff\">";
>   print "<P>[1] Redirecting you to:";
>   print "<A HREF=\"";
>   echo $_SERVER["QUERY_STRING"];
>   print "\">";
>   echo $_SERVER["QUERY_STRING"];
>   print "</A>, if it doesn't work click on the link.</P>";
>   print "<P>";
>   echo $_SERVER["HTTP_REFERER"];
>   print "</P>";
> } else {
>   print "</HEAD>";
>   print "<BODY bgcolor=\"#ffffff\">";
>   print "<P>Someone has tried to use this site's web redirector in 
an
> attempt to make a link appear legitimate.</P>";
> }
> ?>
> 
> Obviously this is not bullet proof, anyone who hacks their client 
to send
> fake referer's can get around it, but then we aren't trying to 
block that
> kind of person, we're simply trying to prevent widespread abuse by a
> spammer/etc.
> 
> 
> Kurt Seifried, kurt@...fried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
> 

-- 
http://www.malware.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ