[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Advisory: Redirection Bug In Feeds.MSN

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Advisory: Redirection Bug In Feeds.MSN
From: Metaeye <contact@xxxxxxxxxxx>
Date: Tue, 28 Nov 2006 13:51:55 +0530

Vendor: MSN
Severity: Critical
Dated: 20 November 2006

Explanation:

The feeds.msn website possesses a typical redirection vulnerability.
The attacker can manipulate this vulnerability to leverage third party
attacks. The traffic can be redirected to the desired destination of
attacker's choice.

Website:
http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=<url>

You can check the redirection
http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=www.google.com";

Vendor Status: Reported.
               No Response.
               Not patched.

--
MSG
http://www.metaeye.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] SSH brute force blocking tool
Next by Date: [Full-disclosure] ProFTPD mod_tls pre-authentication buffer overflow
Previous by thread: Re: [Full-disclosure] FWD: RE: [Dailydave] Symantec Blackberry Whitepaper. (fwd)
Next by thread: [Full-disclosure] ProFTPD mod_tls pre-authentication buffer overflow
Index(es):
- Date
- Thread