[Full-disclosure] Fwd: nVidia.com [Url Redirection flaw]
Pete Licoln
pete.licoln at gmail.com
Wed Mar 25 22:13:53 GMT 2009
2009/3/25 Lorenzo Vogelsang <vogelsang.lorenzo at gmail.com>
> Neverthless i think that the open redirect vulnerabilty it's serious,
> because "This vulnerability is used in phishing attacks to get users to
> visit malicious sites without realizing it." (
> http://www.owasp.org/index.php/Open_redirect)
Well that's actually false, because the person who WANTS to hijack/Phish
someone who TRUST nvdia via this "flaw" need first to control this website
..Or trick a very very dummy person, it's almost the same as if you say "
wow you can do phishing with the ADDTHIS service " only because the "from
field" can be controlled, without looking at :
The subject : Link shared by **spoofer**
The message body : " this spoofed_emailer recommands you to see this link
,[Message sent by spoofer at bla.site via AddThis.com. Please note that the
sender's email address has not been verified.]
Cant do nothing about that, if you're enough silly to believe in such
credibility, an A-V software wont help you too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090325/b9d48c75/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.