Re: redirection vuln crawlers breed & security through obscurity

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: redirection vuln crawlers breed & security through obscurity
From: Thomas Hochstein <ml@xxxxxxxxxxxxxxxxx>
Date: Fri, 21 Apr 2006 11:54:44 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Sztable of the Szlauszaf
References: <20060415144650.280d73cf.mail@xxxxxxxxxxxxxxx>
User-agent: ForteAgent/2.0-32.652 Hamster/2.0.6.0

Ivan Sergio Borgonovo schrieb:

> I just came across such kind of code (php) written by a colegue:
>
> //header.inc
> if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW')
>       header("Location: ./login.html");
> //missing else to mitigate the problem!!
> //HTML stuff here...

What about inserting a die() or exit() after the redirection? That
should solve the problem, I think.

> Now some questions and a proposal:
> - how safe is to rely on secrecy of the URL? I'm looking for a quantification 
> of the risk, not a "it is a bad idea" ;)
>  of course http://site/`pwgen -N1 30`/`pwgen -N1 30`.php is safer than 
> http://site/admin/index.php. Any already made study? numbers?

I'd prefer to close the hole.

-thh

References:
- redirection vuln crawlers breed & security through obscurity
  - From: Ivan Sergio Borgonovo

Prev by Date: FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection
Next by Date: Yahoo! Mail XSS Vulnerability
Previous by thread: redirection vuln crawlers breed & security through obscurity
Next by thread: RE: redirection vuln crawlers breed & security through obscurity
Index(es):
- Date
- Thread