Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: NewOrder.box.sk Inherits Severe RedirectionVulnerability
From: "Nikolay Kichukov" <hijacker () oldum net>
Date: Thu, 29 Mar 2007 18:37:54 +0300

Hello there,
I've read the article, but I still do not see where the severe redirection
vulnerability is. Is this not a feature of the neworder.box.sk web site to
allow anyone to be redirected to anypage they submit to redirect.php?

Thanks,
-Nikolay Kichukov


----- Original Message ----- 
From: "Aditya K Sood" <zeroknock () metaeye org>
To: <full-disclosure () lists grok org uk>
Sent: Wednesday, March 28, 2007 8:49 PM
Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe
RedirectionVulnerability


Hi

Previous Rootkit.com Vulnerability have been patched.
The neworder.box.sk is famous security website.It inherits very specific
redirection attacks. The domain forwarding or URL forwarding not only
directly possible through the website but can be called from third party
directly.

A very generic analysis have been undertaken based on search engine
specification.Look into the issues at:

http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html
http://zeroknock.metaeye.org/analysis/neworder_red.xhtml

Regards
Zeroknock
http://zeroknock.metaeye.org/mlabs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault