[bugs] [Bug 1246] New - session hijacking using referer URL
bugs at bugs.horde.org
Tue May 13 07:57:39 PDT 2003
http://bugs.horde.org/show_bug.cgi?id=1246
*** shadow/1246 Tue May 13 11:57:39 2003
--- shadow/1246.tmp.8557 Tue May 13 11:57:39 2003
***************
*** 0 ****
--- 1,39 ----
+ Bug#: 1246
+ Product: Horde
+ Version: 2.3 Unstable
+ Platform: Mozilla 5.x
+ OS/Version: Linux
+ Status: NEW
+ Resolution:
+ Severity: normal
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck at horde.org
+ ReportedBy: Nils.Rennebarth at web.de
+ URL:
+ Summary: session hijacking using referer URL
+
+ (The following description and proposed solution is from
+ christian.jaeger at ethlife.ethz.ch)
+
+ Let the victim log into a non-ssl imp3 account. Let him read a mail
+ from you with a URL to your server somewhere in it. Wait until he
+ clicks on the URL, and watch the referrer URL including the sessionid
+ being written to the apache log. Copy it into your own browser window
+ (does not even need to be at the same ip), and enjoy reading the
+ victim's personal email.
+
+ Solution: each external link is rewritten to something like
+ "http://your.imp.server/redirector.php?url=http://external.server/uri"
+
+
+ Note that the problem only occurs when cookies are disabled and only in
+ http sessions as Mozilla at least does not send referrer information when
+ using https.
+
+ It should not be too difficult to implement as the current code does
+ rewrite links anyway.
+
+
+
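Both halves of the report, the referrer harvesting and the proposed redirector, as an added example in Python. This is not Horde/IMP code. The host name `your.imp.server`, the `redirector.php` path and the `url` parameter are taken from the report's own example; the session parameter name `sid`, the log lines and the mail body are constructed for the demonstration. One design choice is an assumption that goes beyond the report: the redirector serves a small page with a meta refresh instead of answering with a 302, because a browser following a 3xx re-sends the Referer of the original request, which is exactly the session-bearing URL the rewrite is meant to hide.

```python
"""Session id leaked through the Referer header when the id lives in the URL,
and the external-link redirector proposed as the countermeasure.

Added example, not Horde/IMP code.  IMP_HOST, REDIRECTOR, SESSION_PARAM and
the sample data below are assumptions made for this demonstration.
"""
import html
import re
from urllib.parse import parse_qs, urlencode, urlparse

IMP_HOST = "your.imp.server"                       # host name from the report's example
REDIRECTOR = f"http://{IMP_HOST}/redirector.php"   # redirector URL as proposed in the report
SESSION_PARAM = "sid"                              # assumed name of the URL session parameter

# --- attacker side: harvest session ids from the Referer field of an Apache combined log

def referer_of(log_line):
    """Return the Referer field of an Apache 'combined' log line ('' if none)."""
    parts = log_line.split('"')
    # combined format: prefix "request" status size "referer" "user-agent"
    return parts[3] if len(parts) >= 6 and parts[3] != "-" else ""

def leaked_session_ids(log_lines, param=SESSION_PARAM):
    """Session ids that victims' browsers handed us inside the Referer header."""
    found = []
    for line in log_lines:
        query = urlparse(referer_of(line)).query
        found.extend(parse_qs(query).get(param, []))
    return found

# --- defender side: route every external link through the redirector

HREF_RE = re.compile(r'href\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL)

def is_external(url, own_host=IMP_HOST):
    p = urlparse(url)
    return p.scheme in ("http", "https") and bool(p.netloc) and p.netloc.lower() != own_host

def rewrite_links(body, own_host=IMP_HOST, redirector=REDIRECTOR):
    """Rewrite each external href in a rendered mail body to redirector?url=<target>.

    The redirector link itself is built WITHOUT the session parameter; with URL
    sessions the server must not append it here, or the sid would travel in the
    Referer of the hop from the redirector page to the external site.
    """
    def repl(m):
        quote, target = m.group(1), html.unescape(m.group(2))
        if not is_external(target, own_host):
            return m.group(0)                      # relative and own-host links stay as they are
        new = redirector + "?" + urlencode({"url": target})
        return f"href={quote}{html.escape(new, quote=True)}{quote}"
    return HREF_RE.sub(repl, body)

def redirector_response(query_string):
    """Return (status, content_type, body) for a request to redirector.php?url=...

    Only http/https targets with a host are accepted, so the redirector cannot be
    abused as a javascript:/data: vector.  Assumption for this example: a meta
    refresh page is served rather than a 302, because browsers following a 3xx
    keep the Referer of the original request (the session-bearing mail URL);
    a navigation started from this page carries at most the redirector's own URL.
    """
    target = parse_qs(query_string).get("url", [""])[0]
    p = urlparse(target)
    if p.scheme not in ("http", "https") or not p.netloc:
        return 400, "text/plain", "bad redirect target"
    safe = html.escape(target, quote=True)
    body = ('<html><head><meta http-equiv="refresh" content="0;url=' + safe +
            '"></head><body><a href="' + safe + '">' + safe + '</a></body></html>')
    return 200, "text/html", body

# Constructed sample data (not a real log or a real mail).
SAMPLE_LOG = [
    '203.0.113.9 - - [13/May/2003:11:57:39 +0200] "GET /lure.html HTTP/1.1" 200 512 '
    f'"http://{IMP_HOST}/imp/message.php?index=5&{SESSION_PARAM}=a1b2c3d4e5" "Mozilla/5.0"',
    '203.0.113.9 - - [13/May/2003:11:58:02 +0200] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]
SAMPLE_MAIL = ('Click <a href="http://external.server/uri">here</a> or '
               f"<a href='http://{IMP_HOST}/imp/folders.php'>your folders</a>.")

if __name__ == "__main__":
    print(leaked_session_ids(SAMPLE_LOG))                              # ['a1b2c3d4e5']
    print(rewrite_links(SAMPLE_MAIL))
    print(redirector_response("url=http%3A%2F%2Fexternal.server%2Furi")[0])   # 200
    print(redirector_response("url=javascript:alert(1)")[0])          # 400
```

The first function pair is the attacker's side of the report: nothing more than reading the Referer column of the log. The rewrite leaves relative and own-host links alone, since those never reach a foreign server, and the redirector validates its `url` parameter so that the new endpoint does not become an open redirect to non-HTTP schemes.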