Re: Recent Application Test

From: Ivan Krstic (krstic@fas.harvard.edu)
Date: Wed Aug 18 2004 - 14:02:09 EDT


ramatkal@hotmail.com wrote:
> During a recent Application pen test I came across a url of the form:
> http://www.vulnsite.com/cgi-bin/vulnscript.jsp?url=www.website.com&id=12345
[...]
> This means that my browser is loading the url parameter as opposed to
> the webserver script fetching the url and then displaying it for me
> in my browser right? Is this a security issue?

This type of URL construct is widely used for site exit scripts, either
to just warn the user he's about to navigate off-site, disclaim
responsibility for outside content (a number of .gov sites do this) or
to keep a tally on where the users are headed. It doesn't represent a
threat unless, as you mention, the server actually fetches the
referenced page and does something with it, which is unlikely.

Cheers,
Ivan.
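
The distinction discussed above (the browser being sent to the `url` value versus the server fetching it), as an added example that is not part of the original message: a small classifier a tester could run over a captured response from such an exit script. The function names, result labels and sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches <meta http-equiv="refresh" content="N; url=TARGET"> and captures TARGET.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.IGNORECASE)
HREF = re.compile(r'href=["\']?([^"\'>\s]+)', re.IGNORECASE)


def host_of(value):
    """Lower-cased host of a URL; accepts bare hosts like the url= value in the post."""
    if "//" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()


def classify_exit_response(status, headers, body, url_param):
    """Label a response as 'client-redirect', 'interstitial-link' or 'inconclusive'."""
    target = host_of(url_param)
    if not target:
        return "inconclusive"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # 3xx + Location: the browser, not the server, requests the target.
    if 300 <= status < 400 and host_of(hdrs.get("location", "")) == target:
        return "client-redirect"
    m = META_REFRESH.search(body)
    if m and host_of(m.group(1)) == target:
        return "client-redirect"
    # Warning/disclaimer page that only links to the target.
    if any(host_of(h) == target for h in HREF.findall(body)):
        return "interstitial-link"
    # No client-side navigation visible: check whether the body is content the server fetched.
    return "inconclusive"


# Constructed sample responses (not captured from any real site).
PARAM = "www.website.com"
REDIRECT = (302, {"Location": "http://www.website.com/"}, "")
REFRESH = (200, {}, '<meta http-equiv="refresh" content="0; url=http://www.website.com/">')
WARNING = (200, {}, '<p>You are leaving this site.</p><a href="http://www.website.com/">Continue</a>')
OPAQUE = (200, {}, "<html><body><h1>Welcome</h1></body></html>")

if __name__ == "__main__":
    for name, resp in [("redirect", REDIRECT), ("refresh", REFRESH),
                       ("warning", WARNING), ("opaque", OPAQUE)]:
        print(name, "->", classify_exit_response(*resp, PARAM))
```

An "inconclusive" result is the case the reply singles out: the response gives the browser nothing to navigate to, so whether the server itself fetched the referenced page has to be checked separately.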

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT