Feature #607
closedPotential vulnerability with external references in HTML version
0%
Description
In html-version external references to other sites are represented with simple
So other site might receive wtd pamameter from Referer HTTP parameter
Suggestion is as follows:
use intermediate page without wtd parameter in url, redirecting user to target url
Updated by Koen Deforche over 13 years ago
- Status changed from New to InProgress
- Assignee set to Koen Deforche
Hey Boris,
Good catch! To count as a security measure, we would need to do this for any anchor (through WAnchor or a in XHTML content) when the current page has the wtd in the URL (e.g. in plain HTML sessions or when reload-is-new-session is false).
Apparently, do a server-side redirect will replace the Referer correctly, so we would need to replace:
with and implement in WebSession a special 'redirect' request
Regards,
koen
Updated by Koen Deforche over 12 years ago
- Status changed from InProgress to Resolved
- Target version set to 3.1.11
Hey,
We've implemented just this: to use a redirect-indirection in case the current URL contains the (current) session Id.
We still should add this to a few other places, like in the XSS filter and for image src URLs.
Regards,
koen
Updated by Koen Deforche over 12 years ago
- Status changed from Resolved to Closed
Resolved in Wt 3.1.11