Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Potential XSS errors when using information from HTTP requests

from [Jeff Williams] Network Security [Permanent Link]
Subject: Re: Potential XSS errors when using information from HTTP requests
Date: Sun, 17 Oct 2004 21:36:36 -0400 
Wide open redirectors should be avoided. We see these frequently in
applications that redirect to error pages, login pages, and other parts of
the application.

An attacker can use these to redirect a user's browser to anywhere without
validation.  So they're just asking to be abused by pfishers.  Gives the
pfisher a bit of credibility since the real application did the redirecting.

If you're redirecting, make sure you 1) validate the targets carefully, and
2) remember that the redirect goes through the user's browser and can be
changed. Don't trust anything from an HTTP request, even if it came from a
redirect.

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com

----- Original Message ----- 
From: "V.Benjamin Livshits" <livshits@cs.stanford.edu>
To: <webappsec@securityfocus.com>
Sent: Saturday, October 16, 2004 5:27 PM
Subject: Potential XSS errors when using information from HTTP requests



I've been seeing a lot of redirects like the ones below in J2EE
programs.

1. response.sendRedirect(request.getParameter("REFERRER"));

2. response.sendRedirect(request.getRequestURI());

3. response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Potential XSS errors when using information from HTTP requests, Calderon, Juan Carlos (GE Commercial Finance, NonGE)
Next by Date:  RE: Hacking/security in main-stream media, Chacon, Oscar
Previous by Thread:  Re: Potential XSS errors when using information from HTTP requests, Paul Johnston
Next by Thread:  RE: Potential XSS errors when using information from HTTP requests, Calderon, Juan Carlos (GE Commercial Finance, NonGE)
Indexes:  [Date] [Thread] [Top] [All Lists]