Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

phpMyID can act as a redirector and as headers injector
From: atomo64 () gmail com
Date: 30 Sep 2008 00:55:49 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: phpMyID can act as a redirector and as headers injector
Credits: Raphael Geissert <atomo64 () gmail com>
Release date: 2008-10-27
Affects: v0.9 [23-Jul-2008]

Resources:
    * Homepage: http://siege.org/projects/phpMyID/
    * Demo: http://phpmyid.com

Background:
    phpMyID is a single user OpenID identity provider implemented in PHP.

Problem description:
    The MyID.php script does not sanitize the input it is supposed to be given
    by the site where the user wants to be authenticated. When the site would
    try to know whether the user is authenticated at the identity provider, and
    the identity does not exist, the user would be redirected to whatever site
    is specified (or inject headers, when php << 4.4.2 or php >= 5 && << 5.1.2).

Impact:
    A user can be tricked and redirected to its vulnerable identity provider,
    place where the user will be redirected (and/or headers will be injected).

Example exploit:
    MyID.php?openid_return_to=http://www.ecocho.com&openid_mode=checkid_immediate
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjeok8ACgkQYy49rUbZzlp5fQCffp1xO3Ox3cZmbmRKR+yRIfzX
9jEAn1xz7fMhQVX4DtmO2WOUPA8gafyU
=fwM6
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
  • phpMyID can act as a redirector and as headers injector atomo64 (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]