Friday, January 9, 2009

Cisco.com Open Redirection Vulnerability


An open redirection vulnerability has been found on the Cisco site cisco.com.



The URL http://www.cisco.com/survey/exit.html?http://blogs.cisco.com/ is suffering from the flaw.

Threat: DoS attack, phishing.

The following URL will redirect a user to another site (e.g. rediff.com), so it can be used for a phishing attack:
http://www.cisco.com/survey/exit.html?http://rediff.com


This can be further escalated by malforming the link. Something like the following can be used to cause a denial-of-service attack:
http://www.cisco.com/survey/exit.html?//www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://www.cisco.com/survey/exit.html?http://rediff.com
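As an added example (not code from the post or from Cisco), here is the unchecked behaviour described above next to a hardened version of the same redirect handler, written in Python. The allow-listed hosts, the fallback path and the endpoint path are assumptions for the example; the point is that the target must be validated before it is placed in the Location header, and that a target pointing back at the redirect endpoint itself is rejected, which cuts the nested exit.html chain at the first hop.

```python
from urllib.parse import urlsplit, unquote

# Assumed allow-list of hosts this endpoint may send users to (example values).
ALLOWED_HOSTS = {"www.cisco.com", "blogs.cisco.com"}
REDIRECT_PATH = "/survey/exit.html"   # the endpoint named in the post
FALLBACK = "/"                        # where rejected targets land instead


def vulnerable_target(query: str) -> str:
    """The behaviour the post describes: whatever follows '?' becomes the redirect target."""
    return query


def safe_target(query: str) -> str:
    """Return a redirect target that stays on allow-listed hosts, or FALLBACK.

    Rejects scheme-relative targets ('//host'), non-http(s) schemes, hosts not on the
    allow-list, bare hostnames without a leading '/', and any target whose path is this
    endpoint itself (the self-referencing chain shown in the post).
    """
    # Decode once so '%2F%2Fhost' is seen as '//host'; browsers treat '\' like '/'.
    raw = unquote(query.strip()).replace("\\", "/")
    if raw.startswith("//"):
        return FALLBACK                      # scheme-relative: browser would leave the site
    parts = urlsplit(raw)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return FALLBACK                  # javascript:, data:, etc.
        if parts.hostname not in ALLOWED_HOSTS:
            return FALLBACK                  # also catches 'https://www.cisco.com@evil.example/'
    elif parts.netloc or not raw.startswith("/"):
        return FALLBACK                      # 'rediff.com' with no scheme is not a site path
    if parts.path == REDIRECT_PATH:
        return FALLBACK                      # would redirect back into this handler
    return raw


if __name__ == "__main__":
    for q in ("http://blogs.cisco.com/", "http://rediff.com",
              "//www.cisco.com/survey/exit.html?http://rediff.com", "/products/"):
        print(f"{q!r:55} -> {safe_target(q)!r}")
```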

Vendor Notification: The vendor was notified on January 03, 2009.
They assured me that they would look into the matter, but a few days ago it was still 'unfixed'.
