|
WebApp Sec
mailing list archives
Re: Potential XSS errors when using information from HTTP requests
From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Sun, 17 Oct 2004 21:36:36 -0400
Wide open redirectors should be avoided. We see these frequently in
applications that redirect to error pages, login pages, and other parts of
the application.
An attacker can use these to redirect a user's browser to anywhere without
validation. So they're just asking to be abused by pfishers. Gives the
pfisher a bit of credibility since the real application did the redirecting.
If you're redirecting, make sure you 1) validate the targets carefully, and
2) remember that the redirect goes through the user's browser and can be
changed. Don't trust anything from an HTTP request, even if it came from a
redirect.
--Jeff
Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com
----- Original Message -----
From: "V.Benjamin Livshits" <livshits () cs stanford edu>
To: <webappsec () securityfocus com>
Sent: Saturday, October 16, 2004 5:27 PM
Subject: Potential XSS errors when using information from HTTP requests
I've been seeing a lot of redirects like the ones below in J2EE
programs.
1. response.sendRedirect(request.getParameter("REFERRER"));
2. response.sendRedirect(request.getRequestURI());
3. response.sendRedirect(request.getServletPath() + toPath);
Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.
Thanks,
-Ben
 By Date 
By Thread
Current thread:
|
Intro
