Hello dev-members,

We are trying to place our public Galaxy
instance (http://galaxy.raetschlab.org) in a more secure manner.
Currently I am playing with a few test cases about
the redirection vulnerabilities.

The following link uses a URL variable called “redirect_url” to redirect a
user to a given page. While this variable is intended to only direct a user
to a trusted page, it fails to validate the provided value and therefore
can be used to redirect to any page.

http://localhost:8080/datasets/332056/display_at/ucsc_test?redirect_url=http://www.google.com&display_url=http://localhost:8080/root

This example redirects a user to Google, but it could just as easily be
used to direct a user to a page that contains any malware.

To resolve the issue, maybe validate all user controlled input, including
the GET request variables. If the input is intended to redirect a user, it
must be validated to ensure it only presents them with a page on the
trusted site.

Any comments or suggestions on how to work around this?

thanks
--/Vipin

Rätschlab, Computational biology dept.
Memorial Sloan-Kettering Cancer Center
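One way to implement the validation the message asks for, as an added example that is not code from the Galaxy project or from this message: a whitelist check on `redirect_url` that accepts only same-site relative paths or absolute URLs on an assumed set of trusted hosts, and rejects the scheme-relative, backslash and userinfo forms that a naive prefix check would let through. The `TRUSTED_HOSTS` set and the `choose_redirect` helper are assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed trusted hosts for this example (not Galaxy configuration).
TRUSTED_HOSTS = {"localhost:8080", "galaxy.raetschlab.org"}


def is_safe_redirect(url, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if `url` points at a page on a trusted host over http(s)."""
    if not url or any(c in url for c in "\r\n\x00"):
        return False  # empty, or header-injection / NUL characters
    # Browsers treat backslashes like slashes in the authority part, but
    # urlsplit does not; normalise so "/\evil" is seen as "//evil".
    url = url.replace("\\", "/")
    parts = urlsplit(url)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, file: and friends
    if parts.netloc == "":
        # A relative path stays on this site, but "//host/..." is
        # scheme-relative and would leave it, so require exactly one slash.
        return url.startswith("/") and not url.startswith("//")
    if "@" in parts.netloc:
        return False  # userinfo trick: trusted host before '@', real host after
    # Exact membership, not a prefix match, so "trusted.example.evil" fails.
    return parts.netloc.lower() in trusted_hosts


def choose_redirect(query_string, default="/"):
    """Pick the redirect target from a request's query string, or fall back."""
    target = parse_qs(query_string).get("redirect_url", [None])[0]
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    # Constructed sample: the query string from the report above.
    qs = "redirect_url=http://www.google.com&display_url=http://localhost:8080/root"
    print(choose_redirect(qs))  # off-site target rejected, falls back to "/"
```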
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
