Thread: Redirection vulnerability ?

Replies: 7 - Pages: 1 - Last Post: Nov 21, 2009 10:50 AM by: albelaa
buzzy

Posts: 2
Registered: 4/9/08
Redirection vulnerability ?
Posted: Apr 9, 2008 7:37 AM

Hi,

Is there any workaround for this behavior ?

This url:
http://search.ultraseek.com/cs.html?charset=utf-8&url=http%3A//www.google.com

redirects to www.google.com.

It should be possible to restrict either the domain(s) of the redirection or to add a signature mechanism to prohibit the URL modification, as done by Yahoo or others:

http://rds.yahoo.com/_ylt=A0geu8.vgvxHJQEA5v5XNyoA;_ylu=X3oDMTEzZHNub3Y5BHNlYwNzcgRwb3MDMQRjb2xvA2FjMgR2dGlkA0RGUjVfMTIw/SIG=118hdqnin/EXP=1207817263/**http%3a//www.test.com/


This weakness can lead to site phishing or other abuse.

gdgrimm

Posts: 54
Registered: 6/27/05
Re: Redirection vulnerability ?
Posted: Apr 9, 2008 10:02 AM   in response to: buzzy

We use a "white list" when handling this type of redirection.

buzzy

Posts: 2
Registered: 4/9/08
Re: Redirection vulnerability ?
Posted: Apr 10, 2008 12:36 AM   in response to: buzzy

Thanks, but can you explain how you do it?

gdgrimm

Posts: 54
Registered: 6/27/05
Re: Redirection vulnerability ?
Posted: Apr 10, 2008 2:33 PM   in response to: buzzy

Basically, you have code that reads the input parameter that identifies the new target. In your example, that input parameter would be "url".

Then the value is compared to a "white list" -- probably a defined list of domain names that are considered safe. So that list might include "google.com", and "yahoo.com" and others.

If the value of "url" matches something on the "white list", the code allows the redirect to occur. If no match is found, the code generates some kind of error page rather than forcing the redirect.

Another possible way to do this, without needing a "white list", is to take the value of "url" and run a query for it. If you find it in your search engine (or whatever search engine you run the query against), then consider it a valid URL and perform the redirect. If you don't find it, assume it's a bad URL and don't do the redirect.
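The "white list" check described in the reply above, sketched in Python as an added example; it is not code from this thread or from Ultraseek. The domain list, the `handle_cs_request` handler and its status codes are assumptions made for illustration. The host is compared as a whole name or dot-separated subdomain, because a plain substring match on "google.com" would also accept look-alike hosts.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed white list for illustration; the thread names these two domains.
ALLOWED_DOMAINS = {"google.com", "yahoo.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_allowed_target(target: str) -> bool:
    """Return True only for an absolute http(s) URL on a white-listed domain."""
    # Browsers treat backslashes like slashes and drop control characters,
    # so reject them instead of guessing how the client will parse them.
    if any(ch in target for ch in "\\\r\n\t") or target != target.strip():
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without userinfo or port
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False  # also rejects scheme-relative "//host/" targets
    if parts.username is not None or parts.password is not None:
        return False  # userinfo before "@" can disguise the real host
    host = host.rstrip(".")
    # Match the whole host or a dot-separated subdomain, never a substring.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def handle_cs_request(query_string: str):
    """Hypothetical handler for cs.html: returns (status, location or None)."""
    values = parse_qs(query_string).get("url", [])
    if len(values) != 1 or not is_allowed_target(values[0]):
        return 400, None  # error page instead of a redirect
    return 302, values[0]
```
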

searchdude

Posts: 1
Registered: 6/2/09
Re: Redirection vulnerability ? [possible solution]
Posted: Jun 2, 2009 9:08 AM   in response to: buzzy

I just deleted cs.html; it seems to have worked and I don't have any undesirable side effects.

I also added a robots.txt that disallows other search engines from using my search engine.

jaoxherlop

Posts: 1
Registered: 6/28/09
Re: Redirection vulnerability ? [possible solution]
Posted: Jun 28, 2009 3:18 AM   in response to: searchdude

Yep, just deleting the cs and disallowing through the robots txt worked for me too.

Regards,
David

ashoka

Posts: 1
Registered: 8/24/09
Re: Redirection vulnerability ?
Posted: Aug 24, 2009 12:15 PM   in response to: buzzy

Autonomy Ultraseek is a search engine. Ultraseek has also been known as Verity.

The application is prone to a remote URI-redirection vulnerability because it fails to properly sanitize user-supplied input to the 'url' parameter of the 'cs.html' script.

An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks.

Message was edited by: dscanland

albelaa

Posts: 1
From: Dhaka
Registered: 11/21/09
Re: Redirection vulnerability ?
Posted: Nov 21, 2009 10:50 AM   in response to: buzzy

Then the value is compared to a "white list" -- probably a defined list of domain names that are considered safe. So that list might include "google.com", and "yahoo.com" and others.

If the value of "url" matches something on the "white list", the code allows the redirect to occur. If no match is found, the code generates some kind of error page rather than forcing the redirect.

Another possible way to do this, without needing a "white list", is to take the value of "url" and run a query for it. If you find it in your search engine (or whatever search engine you run the query against), then consider it a valid URL and perform the redirect. If you don't find it, assume it's a bad URL and don't do the redirect.
