Hello participants of Full-Disclosure!

Here is additional information for those who have read my article (and those who still haven't can do so) Redirectors: the phantom menace (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).
In addition to the previous 12 attacks via open redirectors, this year I added three new attacks (and will soon add more). In addition to the aforementioned attacks, redirectors can also be used:

- For conducting XSS attacks via PDF files, which I wrote about in the post regarding Script Injection in Adobe Acrobat (http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00049.html).

- For conducting DoS attacks on browsers via redirection to a mailto: URL, which I wrote about in the post DoS in Firefox, Internet Explorer, Chrome, Opera and other browsers (http://websecurity.com.ua/4206/). This concerns both open redirectors and closed redirectors (http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070901.html).

- For bypassing restrictions on URLs in HTML Injection attacks, particularly Link Injection, as in the case of the vulnerability at news.yahoo.com (http://websecurity.com.ua/3723/). In contrast to bypassing protection filters by using closed redirectors (attack #10), in this case it is not an external redirector that is used, but an internal one (at this site, or at a site from the allowed list).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
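A defensive sketch related to the second and third points of the post, added here as an example and not part of the original message: a server-side check of a redirect target that refuses non-HTTP schemes such as mailto: and refuses targets that are themselves redirector scripts on an allowed host. The host allowlist, the redirector paths and the function name are assumptions made for this example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumed for this example: hosts the site is willing to redirect to.
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}
# Assumed for this example: paths of redirector scripts on those hosts.
REDIRECTOR_PATHS = {"/redirect", "/go"}


def check_redirect_target(target):
    """Return (allowed, reason) for a user-supplied redirect target."""
    # Browsers drop tabs/newlines and read "\" as "/", so such input is
    # ambiguous between this parser and the browser; refuse it outright.
    if any(ord(c) <= 0x20 or c == "\\" for c in target):
        return False, "whitespace, control character or backslash"
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "unparseable URL"

    if not parts.scheme and not parts.netloc:
        # Site-relative path. "///host" parses here with an empty netloc,
        # but browsers treat it like "//host", so "//" prefixes are refused.
        if not target.startswith("/") or target.startswith("//"):
            return False, "not a site-relative path"
    elif parts.scheme not in ALLOWED_SCHEMES:
        # Covers mailto:, javascript:, data: and scheme-relative "//host".
        return False, "scheme missing or not allowed"
    elif host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"

    # An allowed host that runs its own redirector would forward the user
    # anywhere, so a target that points at one is refused as well.
    path = posixpath.normpath("/" + unquote(parts.path).lstrip("/"))
    if path in REDIRECTOR_PATHS:
        return False, "target is itself a redirector"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for t in ("/account/settings", "mailto:user@example.com",
              "https://www.example.com/redirect?url=https://evil.example/"):
        print(t, "->", check_redirect_target(t))
```

The redirector-path check only covers redirectors the operator knows about and lists; a redirector on an allowed host that is missing from the list still passes.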