Message-ID: <00d601cc86c6$6412c4e0$9b7a6fd5@ml>
Date: Sun, 9 Oct 2011 23:57:49 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Google Arbitrary URL Redirect Vulnerability
Hello YGN Ethical Hacker Group!
A few notes concerning your advisory Google: Malware URL Redirection (Google Arbitrary URL Redirect Vulnerability) (http://bl0g.yehg.net/2011/08/google-malware-url-redirection-google.html).
In 2008 (23.01.2008) I already wrote about 11 redirectors of Google (http://websecurity.com.ua/1766/), after I wrote about multiple Google redirectors in 2007 in my Month of Search Engines Bugs project. Some of them repeat previously disclosed redirectors, but most are new ones (which I found in 2007). Since that time Google has fixed most of them, except two (and of course, as often happens with Google, they fixed them hiddenly without thanking the people who brought their and everyone's attention to vulnerabilities at Google's sites).
Among those redirectors which I disclosed in 2008, two are still working (one works automatically and one requires a hash, which can be easily bypassed, as you wrote in detail in your advisory). The one which requires a hash is exactly the same redirector which you wrote about in your advisory.
The other one, which still works, and automatically (without hashes):
http://www.google.com/search?q=websecurity.com.ua&btnI=websecurity.com.ua
So Google has done some work to fix redirectors (URL Redirector Abuse) at their sites. But there is room for improvement ;-) (and they need to deal with these two redirectors).
For Google (if they are not sure whether to fix them or not) and for those who are interested in this class of vulnerabilities, I recommend reading the corresponding articles:
URL Redirector Abuse (WASC-38) in WASC 2.0
http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse
Redirectors: the phantom menace
http://websecurity.com.ua/3495/
Attacks via closed redirectors
http://websecurity.com.ua/3531/
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/