[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Google Arbitrary URL Redirect Vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Google Arbitrary URL Redirect Vulnerability
From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
Date: Sun, 9 Oct 2011 23:57:49 +0300

Hello YGN Ethical Hacker Group!

Few notes concerning your advisory Google: Malware URL Redirection (Google 
Arbitrary URL Redirect Vulnerability) 
(http://bl0g.yehg.net/2011/08/google-malware-url-redirection-google.html).

In 2008 (23.01.2008) I've already wrote about 11 redirectors of Google 
(http://websecurity.com.ua/1766/) - after I wrote about multiple Google's 
redirectors in 2007 in my Month of Search Engines Bugs project. Some of them 
repeat previously disclosed redirectors, but most are new ones (which I've 
found in 2007). After that time Google fixed most of them, except two ones (and 
of course, like it often take place with Google, they fixed them hiddenly 
without thanking people, who bring their and everyone attention to 
vulnerabilities at Google's sites).

Among those redirectors, which I've disclosed in 2008, two are still working 
(one works automatically and one requires hash, which can be easily bypassed, 
as you wrote in your advisory in details). One of them, which requires hash, 
it's exactly the same redirector, which you wrote about in your advisory.

Another one, which still works and automatically (without hashes):

http://www.google.com/search?q=websecurity.com.ua&btnI=websecurity.com.ua

So Google made some work to fix redirectors (URL Redirector Abuse) at their 
sites. But there are places for improvements ;-) (and they need to handle with 
these two redirectors).

For Google (if they are not sure to fix them or not) and for those who are 
interested in this class of vulnerabilities I'm recommending to read 
corresponding articles:

URL Redirector Abuse (WASC-38) in WASC 2.0
http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse

Redirectors: the phantom menace
http://websecurity.com.ua/3495/

Attacks via closed redirectors
http://websecurity.com.ua/3531/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")
Next by Date: Re: [Full-disclosure] Some hash values
Previous by thread: [Full-disclosure] [ MDVSA-2011:145 ] libxml2
Next by thread: [Full-disclosure] Web Application back-doors Attack and Evasion .
Index(es):
- Date
- Thread