Welcome! Log In Create A New Profile

Possible spoofing of $redir url with subdomain/domain

Posted by Emerica

Emerica

Possible spoofing of $redir url with subdomain/domain
March 04, 2014 07:22PM

Registered: 11 years ago
Posts: 1

github.com/Phorum/Core/blob/master/login.php [github.com]

Language: PHP
$redir_ok = FALSE;
                $check_urls = array();
                if (!empty($PHORUM[';login_redir_urls';])) {
                    $check_urls = explode(';,';, $PHORUM[';login_redir_urls';]);
                }
                $check_urls[] = ';http://localhost';;
                $check_urls[] = $PHORUM[';http_path';];
 
                foreach ($check_urls as $check_url)
                {
                     // The redir-url has to start with one of these URLs.
                     if (stripos($redir, $check_url) === 0) {
                            $redir_ok = TRUE;
                            break;
                     }
                }

Correct me if I'm wrong but a cleverly crafted url, any url with localhost* will return true.
IE: [localhost.phishingsite.com], [localhostxffsgaggesgssdsjadsajdasd.com]
This would appear to be an easy way for phishers to bypass the protection written.
Might be possible with the site url as well if the redirect url had multple subdomains. target.com.phishingsite.com
This should probably be marked for revision if it's current code.

Reply Quote

Newer Topic Older Topic

Print View RSS

Sorry, only registered users may post in this forum.

Click here to login

Official Forums Add-ons and Hacks Support in other languages Outdated forums Recent Messages

5.2 Phorum Support Developers Corner Phorum Development Announcements

5.2 Templates 5.2 Language Files 5.2 Modules/Add-Ons Phorum Integration Phorum Hack/Mod Requests

French Support / forum francophone Soporte en español Русская поддержка движка Phorum Polish Support

Phorum 5.1/5.0

5.1 Phorum Support 5.1 Phorum Templates/Themes 5.1 Phorum Language Files 5.1 Phorum Modules / Add-Ons 5.1 Phorum Hacks