[Full-disclosure] nVidia.com [Url Redirection flaw]
xyborg at gmail.com
Wed Mar 25 13:48:24 GMT 2009
Well, we have a XSS too, just put whatever you want on the variable
"url" closing first the meta refresh tag, i.e:
src="http://www.yahoo.com/" with="100%" height=600></iframe><!--
Since nVidia is a trusted site some people could use it to spread
malware directly from there. This is just a simple redirection issue
and nVidia may have to correct this ASAP, even if they are just
On Tue, Mar 24, 2009 at 11:13 AM, Lorenzo Vogelsang
<vogelsang.lorenzo at gmail.com> wrote:
> Hi all, i'm new to the list. I'm an italian student who likes security
> topics in the I.C.T world..
> Browsing the nVdia web sites, i have found a very basic Url redirection
> flaw. Infact when downloading a driver i get Urls like this:
> and connecting to this another Url
> will redirects succefully to www.google.it! (or other web site of your
> choice , or downloadble content..)
> Lorenzo Vogelsang.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.