[Full-disclosure] Advisory: Redirection Bug In Feeds.MSN
Metaeye
contact at metaeye.org
Tue Nov 28 08:21:55 GMT 2006
Vendor: MSN
Severity: Critical
Dated: 20 November 2006
Explanation:
The feeds.msn website possesses a typical redirection vulnerability.
The attacker can manipulate this vulnerability to leverage third party
attacks. The traffic can be redirected to the desired destination of
attacker's choice.
Website:
http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=<url>
You can check the redirection
http://feeds.msn.com/content/ca/framesite/frmredir.asp?m=www.google.com"
Vendor Status: Reported.
No Response.
Not patched.
--
MSG
http://www.metaeye.org
Full-Disclosure is hosted and sponsored by Secunia.