Affected Software : Google.com domain
Severity : Low
Local/Remote : Remote
Author : Piotr Duszynski (@drk1wi)
Due to a domain filtering bug and the way the Chrome and Safari browsers
interpret the URL-encoded character '%2e', it is possible to
trigger an open redirect through the main Google domain.
Vulnerability Details:
This vulnerability* has been verified on the latest Chrome and Safari
browsers.
HTTP GET request:
http://www.google.com/sorry/?continue=http://google.wp%252epl
HTTP response body:
HTTP/1.0 302 Moved Temporarily
Location: http://www.google.wp%2epl/sorry/?continue=http://google.wp%252epl
Because the browser interprets the %2e as a '.' within the address bar,
the redirect leaves the Google domain, which makes this an open redirect.
Try This: http://www.google.com/sorry/?continue=http://facebook.com
Source: Full disclosure.
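A server-side check that closes this class of bug, as an added example (not code from the advisory or from Google): the host of the `continue` target is percent-decoded until it stops changing and only then matched against an allowlist. The function names, `ALLOWED_DOMAINS` and the weak prefix filter shown for contrast are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

ALLOWED_DOMAINS = ("google.com",)  # assumption: redirects must stay on this domain
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*")


def naive_is_allowed(url):
    """Hypothetical weak filter: prefix test on the still-encoded host."""
    host = urlsplit(url).hostname or ""
    return host.startswith(("google.", "www.google."))


def canonical_host(url):
    """Return the host with every layer of percent-encoding removed, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    for _ in range(4):              # %252e -> %2e -> '.'
        decoded = unquote(host)
        if decoded == host:
            break
        host = decoded
    else:
        return None                 # still changing: refuse nested encoding
    host = host.lower().rstrip(".")
    # Anything other than plain DNS labels (for example a leftover '%') is rejected.
    return host if HOST_RE.fullmatch(host) else None


def is_allowed(url):
    """Allow only exact matches or subdomains of ALLOWED_DOMAINS."""
    host = canonical_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


# 'continue' values: the first two come from the advisory (as sent, and after
# the server decodes the query string once); the rest are constructed.
SAMPLES = [
    "http://google.wp%252epl",
    "http://google.wp%2epl",
    "http://www.google.com/sorry/",
    "http://facebook.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, naive_is_allowed(s), is_allowed(s), canonical_host(s))
```

The check compares the same host the browser will end up resolving, so an encoded dot can no longer hide a foreign domain behind a trusted-looking prefix.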