Message236470
The module urlparse lacks proper validation of the input leading to open redirect vulnerability.
The issue is that URLs do not survive the round-trip through `urlunparse(urlparse(url))`. Python sees `/////foo.com` as a URL with no hostname or scheme and a path of `//foo.com`, but when it reconstructs the URL after parsing, it becomes `//foo.com`.
This can be practically exploited this way : http://example.com/login?next=/////evil.com
The for fix this would be for `urlunparse()` to serialize paths with two leading slashes as '/%2F', at least when `scheme` and `netloc` are empty. |
|
Date |
User |
Action |
Args |
2015-02-24 00:11:53 | yaaboukir | set | recipients:
+ yaaboukir |
2015-02-24 00:11:53 | yaaboukir | set | messageid: <1424736713.95.0.74935935546.issue23505@psf.upfronthosting.co.za> |
2015-02-24 00:11:53 | yaaboukir | link | issue23505 messages |
2015-02-24 00:11:53 | yaaboukir | create | |
|