您能在这里找到网络安全问题吗?
我有一个重定向到另一个网页的网页,如下所示:
http://www.myOtherServer.com/Sponsor.php?RedirectPage=http://mylink.com/whereIwasgoingtogo.html
然后 Sponsor.php 页面会显示一个广告,其中包含一个链接,其中显示“继续您的页面”,该链接链接到传入的 RedirectPage。 是否存在由此产生的安全/欺骗问题? 处理这个问题的最佳方法是什么? (请注意,用户未登录任何一个站点)
I have a webpage that redirects to another webpage like this:
http://www.myOtherServer.com/Sponsor.php?RedirectPage=http://mylink.com/whereIwasgoingtogo.html
Then the Sponsor.php page displays an ad with a link saying "Continue to your page" that links to the passed in RedirectPage. Are there security/spoofing issues that could come from this? What is the best way to handle this? (note that the user is not logged in to either site)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这是一个大问题。 如果我向您发送一个如下所示的链接:
您会想“哦,CNN,这是一个合法网站”,然后您将打开它并单击“继续您的页面”链接。 然后你就会进入网络上最恶心的色情网站之一,它会以巨大的洪亮男声向你所有的同事宣布“该死的我想要!@$@#$ 你的! (&¤&^$§ 直到我不能 ¡⌐^(!#~~&$^#!@$!!" 并且你必须向你的老板解释"我以为这是 CNN!”
这里的漏洞是您的声誉。像这样的盲目重定向是危险的。
而这只是一个漏洞。这样怎么样?
现在我已经对您的网站进行了 XSS 攻击并窃取了您用户的 cookie当然,您说没有登录信息,但是会话数据怎么样?或者当您稍后添加登录信息时,或者您公司中的其他人在用户登录后使用此页面。
It's a big problem. If I send you a link that looks like this:
You're going to think "Oh, CNN, that's a legit site", and you'll open it and click the 'Continue to Your Page' link. And then you'll be on one of the nastiest porn sites on the net and it'll have a giant booming male voice announcing to all your co-workers "Hot Damn I Want to !@$@#$ Your !(&¤&^$§ until I can't ¡⌐^(!#~~&$^#!@$!!" and you'll have to explain to your boss "I thought it was CNN!"
The hole here is your reputation. Blind redirects like this are dangerous.
And that's just one hole. How about this?
Now I've XSS-ed your site and stolen your user's cookies. Sure, you say there's no login info, but how about session data? Or when you add a login later, or someone else in your company uses this page a year later where users are logged in.
这绝对是一个安全风险。 当涉及安全时,您应该避免使用 URL 内变量。
虽然没有什么是完全安全的,但这是处理此问题的更好方法: http://www .webmasterworld.com/forum88/2910.htm
This is definitely a security risk. You should avoid using in-URL variables when security is involved.
While nothing is totally secure, this is a much better way of handling this issue: http://www.webmasterworld.com/forum88/2910.htm
如果sponsor.php允许任何值进入RedirectPage并且广告暗示认可,或者鼓励人们认为他们走在正确的轨道上,那么您将打开它作为网络钓鱼攻击的一部分。 更糟糕的是,您可能会从这些攻击中获利,这可能会让人们相当不满。
保留允许的 URL(或它们可以遵循的模式)的列表将大大有助于防止出现问题。
If sponsor.php allows any value into RedirectPage AND ads imply an endorsement, or encourage people to think that they are on the right track you would be opening it to be part of a phishing attack. What's worse, you would probably be profiting from those attacks, which would likely make people rather displeased.
Keeping a list of permitted URLs (or patterns that they can follow) would go a long way to prevent problems.