Yassine ABOUKIR added the comment:
Any updates concerning this issue ? is it going to be fixed or at least modify
the documentation in order to warn developers about this behaviour ?
--
___
Python tracker
<http://bugs.python.org/issue23
Yassine ABOUKIR added the comment:
From: Amos Jeffries
Date: Fri, 06 Mar 2015 14:09:55 +1300
On 6/03/2015 10:42 a.m., cve-assign () mitre org wrote:
We think that the issue reduces to the question of whether it's
acceptable for urlparse to provide inconsistent information abou
Yassine ABOUKIR added the comment:
From: cve-assign () mitre org
Date: Thu, 5 Mar 2015 16:42:02 -0500 (EST)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We think that the issue reduces to the question of whether it's
acceptable for urlparse to provide inconsistent information abou
Yassine ABOUKIR added the comment:
"Following the syntax specifications in RFC 1808, urlparse recognizes a netloc
only if it is properly introduced by ‘//’. Otherwise the input is presumed to
be
a relative URL and thus to start with a path component."
https://docs.python.org
Yassine ABOUKIR added the comment:
I am not quiet sure about the first proposal but I strongly believe the
appropriate method to fix this is by checking if the path starts with double
slashes and then URL encoding the two leading slashes
Yassine ABOUKIR added the comment:
When you directly type //evil.com or evil.com in Firefox URL bar you will
be redirect to evil.com and that is very known, read this :
http://homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html
Here is a video demonstration of the
Yassine ABOUKIR added the comment:
Yes, exploiting this bug an attacker may redirect a specific vitim to a
malicious website, in our case evil.com
>>> x = urlparse("evil.com")
///evil.com will be parsed as relative-path URL which is the correct expected
beh
Yassine ABOUKIR added the comment:
For your information, this security issue has been assigned a CVE ID :
CVE-2015-2104
--
___
Python tracker
<http://bugs.python.org/issue23
Changes by Yassine ABOUKIR :
--
nosy: +benjamin.peterson, pitrou, python-dev
___
Python tracker
<http://bugs.python.org/issue23505>
___
___
Python-bugs-list mailin
New submission from Yassine ABOUKIR:
The module urlparse lacks proper validation of the input leading to open
redirect vulnerability.
The issue is that URLs do not survive the round-trip through
`urlunparse(urlparse(url))`. Python sees `/foo.com` as a URL with no
hostname or scheme and
10 matches
Mail list logo