If ATI and nVidia were web content developers, this may be a valid argument, but they are not. They are graphics vendors, hardware and software. Not to mention the fact that this isn't a "serious" issue. RFI is a serious issue, IMHO.
On Tue, Mar 24, 2009 at 1:37 PM, <[email protected]> wrote:
> I have been saying for years that ATI is better than nvidia and
> here is just one more reason! You don't see serious issues like
> this with ATI's website.
>
> On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang
> <[email protected]> wrote:
> >Hi all, I'm new to the list. I'm an Italian student who likes
> >security topics in the I.C.T world..
> >
> >Browsing the nVidia web sites, I have found a very basic URL
> >redirection flaw. In fact, when downloading a driver I get URLs like this:
> >
> >http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe
> >
> >and connecting to this other URL
> >
> >http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it
> >
> >will redirect successfully to www.google.it! (or other web site of
> >your choice, or downloadable content..)
> >
> >Enjoy!
> >
> >Lorenzo Vogelsang.

--
Rubén Camarero
CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
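
An added example, not part of the original thread and not nVidia's code: one way a confirmation page could validate the `url` parameter described in the report before issuing a redirect. The allowlist contents, the function names and the `/` fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host the confirmation page should ever redirect to.
ALLOWED_HOSTS = {"us.download.nvidia.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_redirect(target: str) -> bool:
    """Return True only if target is an absolute URL on an allowlisted host."""
    # Backslashes and control characters are interpreted differently by
    # browsers and server-side parsers, so reject them outright.
    if any(c in target for c in "\\\r\n\t") or target != target.strip():
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Scheme-relative ("//host") and non-HTTP schemes have no place here.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # user@host syntax lets an allowlisted name appear before the real host.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 80, 443):
        return False
    # Exact match: a suffix or substring test would accept look-alike hosts.
    return (parts.hostname or "") in ALLOWED_HOSTS


def redirect_target(request_url: str, fallback: str = "/") -> str:
    """Return the validated `url` parameter, or fallback if it is unsafe."""
    query = urlsplit(request_url).query
    values = parse_qs(query, keep_blank_values=True).get("url", [])
    # Duplicate parameters are ambiguous across frameworks; refuse them.
    if len(values) == 1 and is_safe_redirect(values[0]):
        return values[0]
    return fallback
```
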
