[dev] Fwd: [Bug 1246] New - session hijacking using referer URL

Chuck Hagenbuch chuck at horde.org
Tue May 13 20:14:32 PDT 2003


Any opinions on this?

----- Forwarded message from bugs at bugs.horde.org -----
    Date: Tue, 13 May 2003 11:57:39 -0300
    From: bugs at bugs.horde.org
Reply-To: bugs at horde.org
 Subject: [Bug 1246] New - session hijacking using referer URL
      To: chuck at horde.org, Nils.Rennebarth at web.de, bugs at horde.org

http://bugs.horde.org/show_bug.cgi?id=1246

*** shadow/1246	Tue May 13 11:57:39 2003
--- shadow/1246.tmp.8557	Tue May 13 11:57:39 2003
***************
*** 0 ****
--- 1,39 ----
+ Bug#: 1246
+ Product: Horde
+ Version: 2.3 Unstable
+ Platform: Mozilla 5.x
+ OS/Version: Linux
+ Status: NEW
+ Resolution:
+ Severity: normal
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck at horde.org
+ ReportedBy: Nils.Rennebarth at web.de
+ URL:
+ Summary: session hijacking using referer URL
+
+ (The following description and proposed solution is from
+ christian.jaeger at ethlife.ethz.ch)
+
+ Let the victim log into a non-ssl imp3 account. Let him read a mail
+ from you with an url to your server somewhere in it. Wait until he
+ clicks on the url, and whatch the referrer url including the sessionid
+ being written to the apache log. Copy it into your own browser window
+ (does not even need to be at the same ip), and enjoy reading the
+ victim's personal email.
+
+ Solution: each external link is rewritten to something like
+ "http://your.imp.server/redirector.php?url=http://external.server/uri"
+
+
+ Note that the problem only occurs when cookies are disabled and only in
+ http sessions as Mozilla at least does not send referrer information when
+ using https.
+
+ It should not be too difficult to implement as the current code does
+ rewrite links anyway.
+
+
+
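Review bot: the Solution paragraph gives the redirector only as a URL shape ("redirector.php?url=http://external.server/uri") and omits the conditions that make it close the leak. It should say that the rewritten link is emitted without the session id, and that the redirector forwards by way of an intermediate page or refresh rather than an HTTP 3xx response, since browsers generally keep the original Referer across a 3xx redirect and the external server would still receive the mail page's URL. It should also ask that the redirector only forward targets it can tie to a rewritten message link (for example a server-side keyed hash over the url value, checked before forwarding), because a script that forwards any url value is an open redirect on the IMP host. Separately, the note that the problem occurs "only in http sessions" rests on Mozilla alone; recording which other browsers were checked would make the scope statement dependable.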



----- End forwarded message -----


-chuck

--
Charles Hagenbuch, <chuck at horde.org>
The alligators were there, too, in a bathtub inside the house.

