[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Google open redirect

To: Luis Santana <hacktalkblog@xxxxxxxxx>
Subject: Re: [Full-disclosure] Google open redirect
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Thu, 8 Dec 2011 01:13:02 -0800

> For example: did you know that if you click on a link from coredump.cx
> to microsoft.com and it opens in a new window, then a second or two
> later, that coredump.cx in the background can change the URL of the
> microsoft.com window, and point it to evil.com? Heck, coredump.cx can
> even wait until you navigate further down the microsoft.com website -
> and detect that event programmatically. That behavior is enshrined
> within the current design of the same-origin policy, and browser
> vendors seem hesitant to touch it.

Here's a tiny PoC:
http://lcamtuf.coredump.cx/switch/

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Google open redirect
  - From: Dave

References:
- [Full-disclosure] Google open redirect
  - From: secure poon
- Re: [Full-disclosure] Google open redirect
  - From: Nick FitzGerald
- Re: [Full-disclosure] Google open redirect
  - From: Michal Zalewski
- Re: [Full-disclosure] Google open redirect
  - From: Luis Santana
- Re: [Full-disclosure] Google open redirect
  - From: Michal Zalewski

Prev by Date: Re: [Full-disclosure] Google open redirect
Next by Date: Re: [Full-disclosure] Google open redirect
Previous by thread: Re: [Full-disclosure] Google open redirect
Next by thread: Re: [Full-disclosure] Google open redirect
Index(es):
- Date
- Thread