|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: XSS?
From: Tom Gallagher (tom
SecurityBugHunter.com)
Date: Tue Nov 15 2005 - 03:52:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This isn't exactly XSS, since you can't run script. They are taking your data
from the 'q' parameter and doing a 302 redirect on it. Like you point out,
this causes some confusion and phishers love stuff like this.
When you test pages that redirect, good test cases to try are HTTP Splitting
(http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf)
cases where you attempt to inject CRLFs.
Tom
Quoting Andrew Chan <quicktgmail.com>:
> I tried http://www.google.com/url?q=http://www.microsoft.com and it got
> directed. it seems that I received one such phishing email that makes
> use of this to obfuscate the actual URL lately.
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]