mailing list archives
Re: Facebook URL Redirect Vulnerability
From: Andrew Farmer <andfarm () gmail com>
Date: Wed, 2 Mar 2011 11:38:07 -0800
On 2011-03-02, at 06:30, Nathan Power wrote:
There are 3 different steps to perform an attack using a URL redirect: 1)
trick the user 2) redirect 3) exploit .. We are using a Facebook URL to
trick the user, we are using the URL redirect as the catalyst to perform an
Here are some examples of the types of attacks you can perform with a URL
How would you have written the impact section?
Something like this:
An attacker may obfuscate the target of a link, potentiating phishing attacks and/or bypassing some simple URL
Or something of the sort. The actual target of the link isn't obscured in the URL, so it's not even particularly
convincing if the URL is displayed in plain text.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/