| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2009 15:21:42 +0100 From: Lorenzo Vogelsang <vogelsang.lorenzo@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: nVidia.com [Url Redirection flaw] Yes i've notice that is also vulnerable to Xss.. In fact this link : http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E will succefully popup an "xss" alert message. Moreover i've checked Xssed.com and i saw that a Xss flaw(not url redirection) was already been found by st@...t ( http://www.xssed.com/mirror/25632/ ) in 17/11/2007. Nevertheless i think that nvidia was not aware of any vulnerabilities until the day in which I alerted the admin to the url redirection on nvidia.com (or nvidia is very slow to solve problems, but i don't wanna do thnik so.. :) ). In fact he answer me that a bug report was opened and that his team is working to solve the problem. Despite i've told to nvidia only the "url redirection" flaw i think that, if "url redirection" will be solved all the xss inherently vulnerabilites will be solved too. Regards Lorenzo Vogelsang. ---------- Forwarded message ---------- From: Martin Aberastegue <xyborg@...il.com> Date: Wed, 25 Mar 2009 10:48:24 -0300 Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw] To: Lorenzo Vogelsang <vogelsang.lorenzo@...il.com> Cc: full-disclosure@...ts.grok.org.uk Well, we have a XSS too, just put whatever you want on the variable "url" closing first the meta refresh tag, i.e: http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url="><iframe src="http://www.yahoo.com/" with="100%" height=600></iframe><!-- Since nVidia is a trusted site some people could use it to spread malware directly from there. This is just a simple redirection issue and nVidia may have to correct this ASAP, even if they are just "graphics vendors". Regards. --- Martin Aberastegue http://www.martinaberastegue.com/ On Tue, Mar 24, 2009 at 11:13 AM, Lorenzo Vogelsang <vogelsang.lorenzo@...il.com> wrote: > Hi all, i'm new to the list. I'm an italian student who likes security > topics in the I.C.T world.. > > Browsing the nVdia web sites, i have found a very basic Url redirection > flaw. Infact when downloading a driver i get Urls like this: > > > http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe > > and connecting to this another Url > > > http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it > > > will redirects succefully to www.google.it! (or other web site of your > choice , or downloadble content..) > > > Enjoy! > > Lorenzo Vogelsang. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists