Home page logo
/

bugtraq logo Bugtraq mailing list archives

Filters on url shortening services
From: Andrew Hodgson <andrew () hodgsonfamily org>
Date: Mon, 07 Oct 2002 19:36:55 +0100

Hi,

A while ago I was made aware of services such as <www.tinyurl.com>,
which will shorten a long url into a shorter one, such as:

<http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear () mm remo
val.tool.html>

to
<http://tinyurl.com/1qoo>

I can see two problems with this type of system, both of which I have
contacted the <info () tinyurl com> about, but have not yet received a
response.

The first being that there is no mention of how long these "shortened"
urls stay active on their system; for example, if I was to create a
url to a document on another server, and someone mistyped in the
tinyurl address for some reason, they may end up at this document
which may or may not be sensitive.

The second is that anyone can create any url, and the user knows very
little about what they are clicking on.  I tried entering in the url
to activate the Windows XP help center exploit into the url box and
the system went ahead and shortened the url without any problem.

Resolution:

I believe that these problems could be resolved with both the addition
of some public statement regarding the TTL of the shortened url, or
even better, a user definable TTL for the URL.  As for the second
problem, I believe that certain urls should be filtered before being
processed.

Andrew Hodgson.

-- 
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew () hodgsonfamily org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]