Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: redirection vuln crawlers breed & security through obscurity
From: Thomas Hochstein <ml () ancalagon inka de>
Date: Fri, 21 Apr 2006 11:54:44 +0200

Ivan Sergio Borgonovo schrieb:

I just came across such kind of code (php) written by a colegue:

//header.inc
if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW')
      header("Location: ./login.html");
//missing else to mitigate the problem!!
//HTML stuff here...

What about inserting a die() or exit() after the redirection? That
should solve the problem, I think.

Now some questions and a proposal:
- how safe is to rely on secrecy of the URL? I'm looking for a quantification of the risk, not a "it is a bad idea" ;)
 of course http://site/`pwgen -N1 30`/`pwgen -N1 30`.php is safer than http://site/admin/index.php. Any already made 
study? numbers?

I'd prefer to close the hole.

-thh


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]