Google redirection URL flaw disclosed - Google Blogoscoped Forum

Forum

Google redirection URL flaw disclosed
Juha-Matti Laurio	Monday, August 13, 2007 16 years ago • 3,768 views
The following "Google redirection url" vulnerability has been disclosed on Full-Disclosure mailing list recently: !Note, working clickable example included! http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065222.html From the report: "Here is the link: http://www.google.com/url?q= http ://whmt.blogspot.com/&sa=D&sntz=1&usg=1' This link will redirect you on my blog(http://whmt.blogspot.com/). (It's safe)" [URL modified to make it safe, J-M]
Juha-Matti Laurio	16 years ago #
And the original report by White Hat Mac Team (WHMT) is located at http://whmt.blogspot.com/2007/08/redirection-google-attention-un-lien.html including working URL as well.
Colin Colehour	16 years ago #
Why is this bad?? Google uses a redirection URL that says Redirecting you to.... when you click on the link.
Juha-Matti Laurio	16 years ago #
I agree, this is not very bad issue. And the report of White Hat Mac Team is not very professional...
Haochi	16 years ago #
>>I agree, this is not very bad issue. Negative. If you think this (http://blogoscoped.com/archive/2007-08-07-n14.html) is bad, the URL redirect is worse.
Juha-Matti Laurio	16 years ago #
Yeah, when you see the text 'Redirecting you to SOMETHING' it's too late.
Clement from WHMT	16 years ago #
You're right, i didn't do it very professionnaly. The flaw work well on Safari (Apple browser), but if you use it with Firefox or Opera, you will be noticed of: "Redirecting to..." However, it disappear very quickly. So, there is a flaw than can be used for phishing against an user of google services. I have made an example: http:// www.google.com/url? q=http%3A%2F%2Fmapage.noos.fr%2Fdacou%2Flogin.html& sa=D&sntz=1&usg=1' This will cloack the real url login page, which is usefull for phishing. Sorry if my "advisory" is not very professionnal, it's the fisrt time i post on a security list. Cheers. Clement-WHMT- [URL broken to prevent accidental clicks – Tony]
Martin Porcheron	16 years ago #
This is a non-issue in my opinion. Google has made this page to alert people to the fact that they are been taken to another website, that is _its_ purpose (ie. to display a message: redirecting you to example.com). Google could take the approach that Yahoo! has been forced to take and create a white list of every page/domain approved to use the redirect, but that would be a massive waste of time (see Yahoo!'s message: http://p1.rd.scd.yahoo.com/*http://google.com/)
Clement from WHMT	16 years ago #
Here is the url with usg not corrupted. The redirection cant happen if you dont click on the link: http://www.google.com/url?q=http://blogoscoped.com/forum/&sntz=1&usg=AFQjCNHmckAiPEFtmcDVFrzx7Gf5hL7rQg With usg=1' , it wont happen. So, even if there is "Redirecting to ...", i think there is a flaw, because you avoid google security page.

Advertisement

Blog | Forum more >> Archive | Feed | Google's blogs | About

Advertisement

This site unofficially covers Google™ and more with some rights reserved. Join our forum!