[WEB SECURITY] Redirectors: the phantom menace

MustLive mustlive at websecurity.com.ua
Mon Sep 14 07:57:18 EDT 2009


Hello participants of Mailing List.

How many attacks via redirectors do you know? There are many of them and all
of redirectors (open) in Web can be used to conduct many of these attacks.

Last week I wrote the article Redirectors: the phantom menace
(http://websecurity.com.ua/3495/), where I wrote about different variants of
attacks with using of redirectors. It’s anthology of attacks with using of
redirectors. The article is designed to draw attention of people to dangers
of redirectors.

Attacks via redirectors:

* Redirection.
* HTTP Response Splitting and XSS (via HTTP Response Splitting) attacks.
* Full path disclosure attacks.
* Bypass of spam-filters.
* Bypass of flash restrictions.
* XSS attack via jar: URI in Firefox.
* Attack on Google Toolbar.
* CSRF attacks on a site.
* Hidden attacks on other sites.
* Image leakage in Firefox.
* Denial of Service attacks.
* Cross-Site Scripting attacks.

You can read the article Redirectors: the phantom menace at my site:
http://websecurity.com.ua/3495/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list