Message237093
Yes, exploiting this bug an attacker may redirect a specific vitim to a malicious website, in our case evil.com
>>> x = urlparse("////evil.com")
///evil.com will be parsed as relative-path URL which is the correct expected behaviour
>>> print x
>>> ParseResult(scheme='', netloc='', path='//evil.com', params='', query='', fragment='')
As you see two slashes are removed and it is marked as a relative-path URL but when we reconstruct the URL using urlunparse() function, the URL is treated as an absolute URL to which you will be redirected.
>>> x = urlunparse(urlparse("////evil.com"))
>>> urlparse(x)
ParseResult(scheme='', netloc='evil.com', path='', params='', query='', fragment='') |
|
Date |
User |
Action |
Args |
2015-03-03 00:04:30 | yaaboukir | set | recipients:
+ yaaboukir, orsenthil, pitrou, vstinner, benjamin.peterson, python-dev, martin.panter, soilandreyes |
2015-03-03 00:04:30 | yaaboukir | set | messageid: <1425341070.56.0.117468743202.issue23505@psf.upfronthosting.co.za> |
2015-03-03 00:04:30 | yaaboukir | link | issue23505 messages |
2015-03-03 00:04:30 | yaaboukir | create | |
|