Referer checking will not stop open redirects you must create a whitelist. Consider the following
http://site/script?u=http://site/script?u=http://cnn.com It will hit the script, redirect back to itself set the referer header then continue. - Robert http://www.cgisecurity.com/ Application security news and more. http://www.cgisecurity.com/index.rss [RSS Feed] > > Hello Aditya, > I see your point there. Hope they get it fixed. Should the patch involve > some referrer checking? > > Regards, > -Nikolay Kichukov > > ----- Original Message ----- > From: "Aditya K Sood" <[EMAIL PROTECTED]> > To: "Nikolay Kichukov" <[EMAIL PROTECTED]>; > <full-disclosure@lists.grok.org.uk> > Sent: Thursday, March 29, 2007 7:40 PM > Subject: Re: [Full-disclosure] NewOrder.box.sk Inherits Severe > RedirectionVulnerability > > > > Nikolay Kichukov wrote: > > > Hello there, > > > I've read the article, but I still do not see where the severe > redirection > > > vulnerability is. Is this not a feature of the neworder.box.sk web site > to > > > allow anyone to be redirected to anypage they submit to redirect.php? > > > > > > Thanks, > > > -Nikolay Kichukov > > > > > > > > > ----- Original Message ----- > > > From: "Aditya K Sood" <[EMAIL PROTECTED]> > > > To: <full-disclosure@lists.grok.org.uk> > > > Sent: Wednesday, March 28, 2007 8:49 PM > > > Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe > > > RedirectionVulnerability > > > > > > > > > > > >> Hi > > >> > > >> Previous Rootkit.com Vulnerability have been patched. > > >> The neworder.box.sk is famous security website.It inherits very > specific > > >> redirection attacks. The domain forwarding or URL forwarding not only > > >> directly possible through the website but can be called from third > party > > >> directly. > > >> > > >> A very generic analysis have been undertaken based on search engine > > >> specification.Look into the issues at: > > >> > > >> > http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html > > >> http://zeroknock.metaeye.org/analysis/neworder_red.xhtml > > >> > > >> Regards > > >> Zeroknock > > >> http://zeroknock.metaeye.org/mlabs > > >> > > >> _______________________________________________ > > >> Full-Disclosure - We believe in it. > > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > >> Hosted and sponsored by Secunia - http://secunia.com/ > > >> > > >> > > > > > > > > > > > Hi nikolay > > > > Thats where the thinking is bit off side. > > Remember there > > is lot of difference between redirection occurs from the main website > > through generating event and the redirection that occurs from the third > > party.It will be okay to the feature context if the redirection supports > > only from the website. > > > > More precisely a search engine check is performed at the top to show > > that the page is not subjected as standard page for redirection. If its > > a feature than it must not be redirected from the third party. > > > > Thats All. > > > > Regards > > Adi > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/