Bugtraq mailing list archives
Re: redirection vuln crawlers breed & security through obscurity
From: Thomas Hochstein <ml () ancalagon inka de>
Date: Fri, 21 Apr 2006 11:54:44 +0200
Ivan Sergio Borgonovo schrieb:
I just came across such kind of code (php) written by a colegue: //header.inc if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW') header("Location: ./login.html"); //missing else to mitigate the problem!! //HTML stuff here...
What about inserting a die() or exit() after the redirection? That should solve the problem, I think.
Now some questions and a proposal: - how safe is to rely on secrecy of the URL? I'm looking for a quantification of the risk, not a "it is a bad idea" ;) of course http://site/`pwgen -N1 30`/`pwgen -N1 30`.php is safer than http://site/admin/index.php. Any already made study? numbers?
I'd prefer to close the hole. -thh
Current thread:
- redirection vuln crawlers breed & security through obscurity Ivan Sergio Borgonovo (Apr 19)
- Re: redirection vuln crawlers breed & security through obscurity Thomas Hochstein (Apr 23)
- <Possible follow-ups>
- RE: redirection vuln crawlers breed & security through obscurity Evans, Arian (Apr 19)