Cisco.com Open Redirection Vulnerability


An open redirection vulnerability has been found on the Cisco site cisco.com.



The URL http://www.cisco.com/survey/exit.html?http://blogs.cisco.com/ is suffering from the flaw: whatever follows the `?` is used as the redirect destination without being checked.

Threat: DoS attack, phishing.

The following URL will redirect a user to another site (e.g. rediff.com) and can therefore be used for a phishing attack:
http://www.cisco.com/survey/exit.html?http://rediff.com


This can be further escalated by malforming the link. Something like the following can be used to cause a denial-of-service attack:
http://www.cisco.com/survey/exit.html?//www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://rediff.com
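The fix for a redirector like this is to validate the destination before issuing the 302. The code below is an added example, not Cisco's code: it shows a naive check that still lets the protocol-relative `//host` form through, a hardened validator that accepts only site-relative paths or hosts on an allow-list and refuses chains back into the redirector itself, and a small detector that runs the same validator over constructed access-log lines. The allow-list hosts, the `SAMPLE_LOG` lines and the client addresses are assumptions made up for the example; only the `/survey/exit.html` path comes from the post.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Endpoint named in the post; the allow-list is an assumption for this example.
REDIRECT_ENDPOINT = "/survey/exit.html"
ALLOWED_HOSTS = {"www.cisco.com", "blogs.cisco.com"}


def naive_is_safe(target: str) -> bool:
    """A check that looks reasonable but is not: it only blocks absolute http(s)
    URLs, so a protocol-relative target such as //rediff.com/ still leaves the site."""
    return not target.lower().startswith(("http://", "https://"))


def validate_redirect(target: str, allowed_hosts=ALLOWED_HOSTS, max_len: int = 512):
    """Return a safe, normalised redirect destination, or None if it must be refused.

    Accepts (a) site-relative paths starting with a single '/' or (b) http(s) URLs
    whose host is on the allow-list; refuses anything that chains back into the
    redirector, which also stops the nested-URL chain shown in the post."""
    if not target or len(target) > max_len:
        return None
    # Backslashes and control characters are read differently by browsers and parsers.
    if "\\" in target or any(c in target for c in "\r\n\t"):
        return None
    parts = urlsplit(target)
    if parts.scheme not in ("", "http", "https"):
        return None                      # javascript:, data:, etc.
    if parts.netloc:
        # Covers http://host, https://host and the protocol-relative //host form.
        host = parts.hostname            # lower-cased; user:pass@ and :port are stripped
        if host not in allowed_hosts:
            return None
        if parts.path == REDIRECT_ENDPOINT:
            return None                  # refuse nested redirect chains
        return urlunsplit(("https", host, parts.path or "/", parts.query, ""))
    if not parts.path.startswith("/"):
        return None                      # no scheme-less "rediff.com" style targets
    if parts.path == REDIRECT_ENDPOINT:
        return None
    return urlunsplit(("", "", parts.path, parts.query, ""))


# Constructed access-log lines in Common Log Format (not real Cisco logs).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jan/2009:10:00:00 +0000] "GET /survey/exit.html?http://blogs.cisco.com/ HTTP/1.1" 302 0
203.0.113.9 - - [03/Jan/2009:10:00:01 +0000] "GET /survey/exit.html?http://rediff.com HTTP/1.1" 302 0
203.0.113.9 - - [03/Jan/2009:10:00:02 +0000] "GET /survey/exit.html?//rediff.com/ HTTP/1.1" 302 0
198.51.100.7 - - [03/Jan/2009:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1234
"""

_REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')


def find_suspicious_redirects(log_text: str, allowed_hosts=ALLOWED_HOSTS):
    """Flag requests to the redirector whose destination the validator would refuse.
    Returns a list of (client_ip, requested_target) tuples."""
    hits = []
    for line in log_text.splitlines():
        m = _REQ.match(line)
        if not m:
            continue
        client, request = m.groups()
        path, _, query = request.partition("?")   # everything after the first '?' is the target
        if path != REDIRECT_ENDPOINT:
            continue
        if validate_redirect(query, allowed_hosts) is None:
            hits.append((client, query))
    return hits


if __name__ == "__main__":
    for t in ("http://rediff.com", "//rediff.com/", "http://blogs.cisco.com/", "/survey/thanks.html"):
        print(f"{t!r:40} naive={naive_is_safe(t)!s:5} hardened={validate_redirect(t)!r}")
    for client, target in find_suspicious_redirects(SAMPLE_LOG):
        print("suspicious redirect from", client, "->", target)
```

Note that `urlsplit` parses `//rediff.com/` as a host, which is exactly why the hardened check keys on `netloc` rather than on the leading characters of the string; the `hostname` property also discards the `user@` and `:port` parts, so `http://www.cisco.com@rediff.com/` is correctly attributed to rediff.com.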

Vendor Notification: The vendor was notified on January 03, 2009.
They assured me that they would look into the matter, but as of a few days ago it was 'unfixed'.
