Google Blogoscoped

Forum

Google redirection URL flaw disclosed

Juha-Matti Laurio [PersonRank 10]

Monday, August 13, 2007
9 years ago1,718 views

The following "Google redirection url" vulnerability has been disclosed on Full-Disclosure mailing list recently:

!Note, working clickable example included!
lists.grok.org.uk/pipermail/fu ...

From the report:
"Here is the link:
google.com/url?q= http ://whmt.blogspot.com/&sa=D&sntz=1&usg=1'
This link will redirect you on my blog(whmt.blogspot.com/).
(It's safe)"

[URL modified to make it safe, J-M]

Juha-Matti Laurio [PersonRank 10]

9 years ago #

And the original report by White Hat Mac Team (WHMT) is located at
whmt.blogspot.com/2007/08/redi ...

including working URL as well.

Colin Colehour [PersonRank 10]

9 years ago #

Why is this bad??

Google uses a redirection URL that says Redirecting you to.... when you click on the link.

Juha-Matti Laurio [PersonRank 10]

9 years ago #

I agree, this is not very bad issue.
And the report of White Hat Mac Team is not very professional...

Haochi [PersonRank 10]

9 years ago #

>>I agree, this is not very bad issue.
Negative. If you think this (blogoscoped.com/archive/2007-0 ...) is bad, the URL redirect is worse.

Juha-Matti Laurio [PersonRank 10]

9 years ago #

Yeah, when you see the text 'Redirecting you to SOMETHING' it's too late.

Clement from WHMT [PersonRank 1]

9 years ago #

You're right, i didn't do it very professionnaly. The flaw work well on Safari (Apple browser), but if you use it with Firefox or Opera, you will be noticed of: "Redirecting to..." However, it disappear very quickly.
So, there is a flaw than can be used for phishing against an user of google services. I have made an example:

http:// www.google.com/url?
q=http%3A%2F%2Fmapage.noos.fr%2Fdacou%2Flogin.html&
sa=D&sntz=1&usg=1'

This will cloack the real url login page, which is usefull for phishing.
Sorry if my "advisory" is not very professionnal, it's the fisrt time i post on a security list.
Cheers.
Clement-WHMT-

[URL broken to prevent accidental clicks – Tony]

Martin Porcheron [PersonRank 10]

9 years ago #

This is a non-issue in my opinion. Google has made this page to alert people to the fact that they are been taken to another website, that is _its_ purpose (ie. to display a message: redirecting you to example.com).

Google could take the approach that Yahoo! has been forced to take and create a white list of every page/domain approved to use the redirect, but that would be a massive waste of time (see Yahoo!'s message: p1.rd.scd.yahoo.com/*google.co ...)

Clement from WHMT [PersonRank 1]

9 years ago #

Here is the url with usg not corrupted. The redirection cant happen if you dont click on the link: google.com/url?q=blogoscoped.c ...
With usg=1' , it wont happen. So, even if there is "Redirecting to ...", i think there is a flaw, because you avoid google security page.

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!