Firefox PHP

Possible spoofing of $redir url with subdomain/domain

Posted by Emerica 
Possible spoofing of $redir url with subdomain/domain
March 05, 2014 01:22AM
github.com/Phorum/Core/blob/master/login.php [github.com]

Language: PHP
$redir_ok = FALSE; $check_urls = array(); if (!empty($PHORUM[';login_redir_urls';])) { $check_urls = explode(';,';, $PHORUM[';login_redir_urls';]); } $check_urls[] = ';http://localhost';; $check_urls[] = $PHORUM[';http_path';];   foreach ($check_urls as $check_url) { // The redir-url has to start with one of these URLs. if (stripos($redir, $check_url) === 0) { $redir_ok = TRUE; break; } }


Correct me if I'm wrong but a cleverly crafted url, any url with localhost* will return true.
IE: [localhost.phishingsite.com], [localhostxffsgaggesgssdsjadsajdasd.com]
This would appear to be an easy way for phishers to bypass the protection written.
Might be possible with the site url as well if the redirect url had multple subdomains. target.com.phishingsite.com
This should probably be marked for revision if it's current code.
Sorry, only registered users may post in this forum.

Click here to login