[Owasp-turkey] google open redirect

Bedirhan Urgun bedirhanurgun at gmail.com
Tue Aug 2 02:10:06 EDT 2011


Hello,
As you know, Google has open redirects. For example, "I'm Feeling
Lucky" is one of them, but it may not be very effective. Some of them:

Another one:
http://www.google.com/search?btnI&q=allinurl:http://www.yahoo.com [1]
One more: http://www.google.com/sorry/?continue=http://google.wp%252epl
[2]
*fixed*
One more:
http://www.google.com/history/url?url=http://www.bonsai-sec.com [3] *
fixed*

And one from me:
http://www.google.com.tr/search?q=cache%3Awebguvenligi.org (I tried it in
IE8 and FF 3.6)
For the above to work, the cached page must have a redirector such as
frame-busting code or a meta refresh.

But the best one is this link:
http://www.google.com/support/webmasters/bin/answer.py?answer=171297&&hl=



[1] http://packetstormsecurity.org/files/97893/Google-Open-Redirect.html
[2] http://seclists.org/fulldisclosure/2011/Jul/318
[3] http://www.bonsai-sec.com/blog/index.php/tag/open-redirection/

bedirhan
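
Added example, not part of the original post: a server-side check for redirect parameters such as `continue=` and `url=` in the links above, which decodes repeatedly so a double-encoded host like `google.wp%252epl` is seen in its final form. `ALLOWED_HOSTS`, `fully_decode` and `is_safe_redirect` are hypothetical names, and the allowlist contents are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Assumption: the only hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
MAX_DECODE_ROUNDS = 3


def fully_decode(value, max_rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until the value stops changing.

    Returns None when the value is still changing after max_rounds,
    which is treated as an attempt to hide the target behind encoding layers.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None


def is_safe_redirect(target):
    """Return True only for local paths or http(s) URLs on an allowed host."""
    decoded = fully_decode(target)
    if decoded is None:
        return False
    # Browsers treat "\" like "/" and ignore tabs and newlines inside URLs.
    if any(ch in decoded for ch in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(decoded)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = bool(parts.username or parts.password)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept a single leading slash only.
        return decoded.startswith("/") and not decoded.startswith("//")
    if parts.scheme not in ("http", "https") or has_userinfo:
        return False
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs; the first two targets are taken from the post.
    for t in ("http://google.wp%252epl", "http://www.bonsai-sec.com",
              "https://www.example.com/home", "/account/settings"):
        print(t, "->", is_safe_redirect(t))
```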