Information security

From: Raphael Geissert <atomo64_(at)_gmail.com>
Date: 2 October 2008
Subject: phpMyID can act as a redirector and as headers injector


Subject: phpMyID can act as a redirector and as headers injector
Credits: Raphael Geissert <[email protected]>
Release date: 2008-10-27
Affects: v0.9 [23-Jul-2008]

Resources:
   * Homepage: http://siege.org/projects/phpMyID/
   * Demo: http://phpmyid.com

Background:
   phpMyID is a single user OpenID identity provider implemented in PHP.

Problem description:
   The MyID.php script does not sanitize the input it is supposed to receive
   from the site where the user wants to be authenticated (the relying party).
   When that site asks the identity provider whether the user is authenticated
   and the requested identity does not exist, the user is redirected to whatever
   URL the request specifies; with PHP < 4.4.2, or PHP >= 5 and < 5.1.2, the
   same value can also be used to inject response headers.

Impact:
   A user can be tricked into following a link to their vulnerable identity
   provider, which will then redirect them to whatever site the request
   specifies (and/or inject headers into the response).

Example exploit:
   MyID.php?openid_return_to=http://www.ecocho.com&openid_mode=checkid_immediate
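As an added illustration (not phpMyID's own code), the checks a provider should run before honouring a checkid_* request, so that a request for an identity it does not host, or a return_to with CR/LF in it, is answered with an error page rather than a Location header. It assumes `$my_identity` is the single identity URL the provider serves and uses the OpenID 1.1 request parameters as PHP exposes them in `$_GET`.

```php
<?php
// Added example, not phpMyID's own code. Assumptions: $my_identity is the one
// identity URL this provider serves; openid_* keys are the OpenID 1.1 request
// parameters as PHP exposes them in $_GET (dots become underscores).
// Returns the URL to redirect to, or null when the request must be answered
// with an error page instead of a Location header.
function checkid_redirect_target(array $params, string $my_identity): ?string {
    $identity   = $params['openid_identity']   ?? '';
    $return_to  = $params['openid_return_to']  ?? '';
    $trust_root = $params['openid_trust_root'] ?? $return_to; // OpenID 1.1 default

    // Only answer for the identity this provider hosts: a request for an
    // unknown identity is never a reason to redirect anywhere.
    if ($identity === '' || rtrim($identity, '/') !== rtrim($my_identity, '/')) {
        return null;
    }
    // CR, LF or NUL in the value is what makes header() injectable.
    if (preg_match('/[\r\n\0]/', $return_to . $trust_root)) {
        return null;
    }
    $rt = parse_url($return_to);
    $tr = parse_url($trust_root);
    if (!$rt || !$tr || empty($rt['scheme']) || empty($rt['host']) || empty($tr['host'])) {
        return null;
    }
    // Same http(s) scheme, same host (exact; no wildcard realms here), same port.
    $scheme = strtolower($rt['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)
        || $scheme !== strtolower($tr['scheme'] ?? '')
        || strtolower($rt['host']) !== strtolower($tr['host'])
        || ($rt['port'] ?? null) !== ($tr['port'] ?? null)) {
        return null;
    }
    // return_to must sit at or below the trust_root path.
    $trPath = rtrim($tr['path'] ?? '/', '/');
    $rtPath = $rt['path'] ?? '/';
    if ($rtPath !== ($trPath ?: '/') && strpos($rtPath, $trPath . '/') !== 0) {
        return null;
    }
    return $return_to;
}

// Constructed usage: the advisory's request has no openid_identity, so this
// yields null and the script serves an error page instead of redirecting.
$target = checkid_redirect_target($_GET, 'http://idp.example.test/MyID.php');
if ($target === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid OpenID request');
}
header('Location: ' . $target);
```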

© SecurityVulns, 3APA3A, Владимир Дубровин
Nizhny Novgorod