[Full-disclosure] nVidia.com [Url Redirection flaw]
vogelsang.lorenzo at gmail.com
Wed Mar 25 14:21:42 GMT 2009
Yes i've notice that is also vulnerable to Xss.. In fact this link :
will succefully popup an "xss" alert message. Moreover i've checked
Xssed.com and i saw that a Xss flaw(not url redirection) was already
been found by st at rext ( http://www.xssed.com/mirror/25632/ ) in
17/11/2007. Nevertheless i think that nvidia was not aware of any
vulnerabilities until the day in which I alerted the admin to the url
redirection on nvidia.com (or nvidia is very slow to solve problems,
but i don't wanna do thnik so.. :) ). In fact he answer me that a bug
report was opened and that his team is working to solve the problem.
Despite i've told to nvidia only the "url redirection" flaw i think
that, if "url redirection" will be solved all the xss inherently
vulnerabilites will be solved too.
---------- Forwarded message ----------
From: Martin Aberastegue <xyborg at gmail.com>
Date: Wed, 25 Mar 2009 10:48:24 -0300
Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
To: Lorenzo Vogelsang <vogelsang.lorenzo at gmail.com>
Cc: full-disclosure at lists.grok.org.uk
Well, we have a XSS too, just put whatever you want on the variable
"url" closing first the meta refresh tag, i.e:
src="http://www.yahoo.com/" with="100%" height=600></iframe><!--
Since nVidia is a trusted site some people could use it to spread
malware directly from there. This is just a simple redirection issue
and nVidia may have to correct this ASAP, even if they are just
On Tue, Mar 24, 2009 at 11:13 AM, Lorenzo Vogelsang
<vogelsang.lorenzo at gmail.com> wrote:
> Hi all, i'm new to the list. I'm an italian student who likes security
> topics in the I.C.T world..
> Browsing the nVdia web sites, i have found a very basic Url redirection
> flaw. Infact when downloading a driver i get Urls like this:
> and connecting to this another Url
> will redirects succefully to www.google.it! (or other web site of your
> choice , or downloadble content..)
> Lorenzo Vogelsang.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.