Open Source and information security mailing list archives
Date: Fri, 5 Jan 2007 11:13:03 -0500 (EST)
From: "Aditya Sood" <ZeroKnock@...aEye.Org>
To: full-disclosure@...ts.grok.org.uk
Subject: Advisory : Redirection Vulnerability In Verisign Weblogs

Advisory : Redirection Vulnerability In Verisign Weblogs

Explanation:

Weblogs is a Verisign service for currently updating blogs and providing
requisite information to the users of a specific blog which has been updated.
Weblogs can act as a base for redirection attacks because traffic gets
easily redirected from the website. This is a weakness in that if the
URL is used by a third party, it still redirects the traffic. No doubt, if the
link is clicked from the website it directs to the required destination, but
if it is filtered fully then a third party won't set the redirection easily.
But that's not the case here.

Example : Get To Google Via Weblogs.com

http://www.weblogs.com/clickthru?url=http://www.google.com

The point is that it should redirect to blogs only.

It has already been reported to Verisign.

For details, see:
http://zeroknock.blogspot.com/2007/01/verisign-weblogs-base-for-third-party.html

Regards
Zeroknock
http://zeroknock.metaeye.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
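
The filtering the advisory asks for ("it should redirect to blogs only"), sketched as an added example that is not part of the original post and not Verisign's code. The /clickthru path and the url parameter come from the advisory; the function name and the REGISTERED_BLOG_HOSTS allowlist are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (assumption): hosts of blogs the service has on record.
REGISTERED_BLOG_HOSTS = {"blog.example.org", "news.example.net"}


def clickthru_target(request_uri, allowed_hosts=REGISTERED_BLOG_HOSTS):
    """Return the redirect target for a /clickthru request, or None to refuse."""
    values = parse_qs(urlsplit(request_uri).query).get("url", [])
    if len(values) != 1:
        return None  # parameter missing, empty, or supplied more than once
    target = values[0]

    # Browsers treat "\" like "/" and drop whitespace/control characters, so a
    # server-side parser can disagree with the browser about the host. Refuse.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return None

    try:
        parts = urlsplit(target)
        parts.port  # property access raises ValueError on a malformed port
    except ValueError:
        return None

    # Absolute http(s) URLs only: rejects "//host", "javascript:", "data:", ...
    if parts.scheme not in ("http", "https"):
        return None
    # "http://blog.example.org@other.host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return None

    # Exact host match against the allowlist; no suffix or substring matching.
    host = (parts.hostname or "").rstrip(".")
    if host not in allowed_hosts:
        return None
    return target


if __name__ == "__main__":
    # The advisory's example is refused because google.com is not a listed blog.
    print(clickthru_target("/clickthru?url=http://www.google.com"))
    print(clickthru_target("/clickthru?url=http://blog.example.org/2007/01/a.html"))
```

A request that returns None should get an error page or a fixed landing page rather than a Location header built from the parameter.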