http://bugzilla.novell.com/show_bug.cgi?id=550366

Summary: don't use redirect based on user input
Classification: openSUSE
Product: openSUSE 11.2
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: WebYaST
AssignedTo: kkaempf@novell.com
ReportedBy: jreidinger@novell.com
QAContact: qa@suse.de
Blocks: 514382
Found By: ---

redirection with user input (risk: medium-HIGH, CWE-601, CWE-79):

Some HTTP redirects seem to be called with user-defined input, like redirect_to(webservices_url) in webservices_controller.rb or redirect_to new_session_path(:hostname => params[:hostname]) in session_controller.rb. This can ease phishing attacks and can be used for cross-site scripting attacks (depending on the web browser).

Solution: Sanitize the link for redirection and do not allow the corresponding Ruby methods to be called directly (this seems to be already avoided by the csrf_token and auth_token but was not verified).

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
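One way to implement the sanitizing step the report asks for, as an added example that is not WebYaST's own code: a small plain-Ruby module that a controller could call before redirect_to, accepting only same-site paths or hosts on an explicit allow-list, plus a strict check for a :hostname parameter. The module name, the allow-list and the sample hostnames are assumptions for the example.

```ruby
require 'uri'

# Added example, not WebYaST code: validate user-supplied redirect targets
# before handing them to redirect_to. Only same-site relative paths and
# absolute URLs on an explicit host allow-list are accepted; anything else
# (other hosts, javascript: URLs, protocol-relative //host paths) falls back
# to a fixed safe default, so a crafted webservices_url or :hostname param
# cannot send the user off-site.
module SafeRedirect
  DEFAULT = '/'.freeze
  # DNS-style hostname or dotted IPv4: labels of alphanumerics and hyphens,
  # no scheme, path, userinfo or whitespace (assumed policy for the example).
  HOSTNAME_RE = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*\z/i

  # Returns a redirect target that is safe to follow, or DEFAULT.
  def self.sanitize(target, allowed_hosts: [])
    return DEFAULT if target.nil? || target.empty?
    # Whitespace, control characters and backslashes are rejected outright:
    # browsers normalise "/\evil.example" to "//evil.example".
    return DEFAULT if target.match?(/[\s\\\x00-\x1f]/)
    uri = URI.parse(target)
    if uri.scheme.nil? && uri.host.nil?
      # Relative reference: must be an absolute path on this site and must
      # not be protocol-relative ("//evil.example").
      return target if target.start_with?('/') && !target.start_with?('//')
    elsif %w[http https].include?(uri.scheme.to_s.downcase) && uri.host
      # Absolute URL: the parsed host (not any userinfo in front of "@")
      # must be on the allow-list.
      return target if allowed_hosts.map(&:downcase).include?(uri.host.downcase)
    end
    DEFAULT
  rescue URI::InvalidURIError
    DEFAULT
  end

  # Hostnames taken from params (e.g. :hostname) are validated against a
  # strict pattern before being interpolated into any path or URL.
  def self.valid_hostname?(name)
    name.is_a?(String) && name.length <= 253 && name.match?(HOSTNAME_RE)
  end
end

if $PROGRAM_NAME == __FILE__
  hosts = ['yast.example.org'] # constructed allow-list
  ['/dashboard', '//evil.example/', 'https://yast.example.org/services',
   'javascript:alert(1)', 'http://yast.example.org@evil.example/'].each do |t|
    puts "#{t.ljust(42)} -> #{SafeRedirect.sanitize(t, allowed_hosts: hosts)}"
  end
end
```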