Full Disclosure mailing list archives

nVidia.com [Url Redirection flaw]

From: Lorenzo Vogelsang <vogelsang.lorenzo () gmail com>
Date: Tue, 24 Mar 2009 15:13:21 +0100

Hi all, i'm new to the list. I'm an italian student who likes security
topics in the I.C.T world..

Browsing the nVdia web sites, i have found a very basic Url redirection
flaw. Infact when downloading a driver i get Urls like this:


http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe

and connecting to this another Url


http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it


will redirects succefully to www.google.it! (or other web site of your
choice , or downloadble content..)


Enjoy!

Lorenzo Vogelsang.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
  - nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
    - Re: nVidia.com [Url Redirection flaw] Valdis . Kletnieks (Mar 25)
- <Possible follow-ups>
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
  - Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
    - Re: nVidia.com [Url Redirection flaw] yersinia (Mar 25)
    - Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
    - Re: nVidia.com [Url Redirection flaw] Chris Evans (Mar 25)
    - Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
    - Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 26)

(Thread continues...)