Full Disclosure mailing list archives
nVidia.com [Url Redirection flaw]
From: Lorenzo Vogelsang <vogelsang.lorenzo () gmail com>
Date: Tue, 24 Mar 2009 15:13:21 +0100
Hi all, i'm new to the list. I'm an italian student who likes security topics in the I.C.T world.. Browsing the nVdia web sites, i have found a very basic Url redirection flaw. Infact when downloading a driver i get Urls like this: http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe and connecting to this another Url http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it will redirects succefully to www.google.it! (or other web site of your choice , or downloadble content..) Enjoy! Lorenzo Vogelsang.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Valdis . Kletnieks (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- <Possible follow-ups>
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] yersinia (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Chris Evans (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 26)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)