csnyder wrote:
Right, you can't trust the referer if you fear scripted attacks.
John, is that what you were talking about, or was it something more
abstract and seo-related?
I was picturing people using the open redirect to take advantage of
your page rank by causing your site to link to theirs.
Your paranoia is well justified. Open redirects are exploited by
unsavory people in a number of ways. I came across a phishing email
recently posing as a fake "Paypal confirmation". In the page was a link
which appeared to point at aol.com (some 1/2 internet savvy people
glance at the url to see if it points to a "reputable" site before
clicking away on it). The aol.com link led to a well constructed
imitation of the Paypal login page which was intended to maliciously
steal accounts. Here is an example of the link:
http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100124311x1116601028x1077500809&_url=http://www.nyphp.org
If you want to peek at a copy of the original phishing mail, check out
http://www.datawhorehouse.com/0day/paypalphish
The safer thing for Susan to do would probably be to put all the valid
redirect URLs in an array like:
redir.php:
<?php
$validURLs = array(
    0 => 'www.mysite.com',
    1 => 'www.yahoo.com',
    2 => 'www.nyphp.org',
    3 => 'www.php.net'
);
// some code to store hit in db logs goes here
$i = intval($_GET['r']);
if (!isset($validURLs[$i])) {
    exit('unknown redirect target');   // refuse anything not in the list
}
// the destination comes from the list, never from the request itself
header('Location: http://' . $validURLs[$i]);
?>
~Rolan
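A fuller version of the allowlist approach described in the post above, as an added example that is not code from the thread: it keeps the index-based lookup and adds a second variant for callers that must pass a full URL, which is accepted only when its host is on the allowlist. The hostnames, the helper names and the parameter `r` beyond the thread's own use of it are assumptions.

```php
<?php
// Added example, not Rolan's code. Resolves a redirect target against an
// allowlist instead of trusting the Referer or a caller-supplied URL.
declare(strict_types=1);

// Assumed allowlist of destination hosts.
const ALLOWED_HOSTS = ['www.mysite.com', 'www.yahoo.com', 'www.nyphp.org', 'www.php.net'];

// Variant 1: the client sends only an index into the allowlist (as in the
// thread), so the destination can never be something that is not listed.
function targetByIndex(string $r): ?string
{
    if (!ctype_digit($r) || !isset(ALLOWED_HOSTS[(int) $r])) {
        return null;
    }
    return 'http://' . ALLOWED_HOSTS[(int) $r];
}

// Variant 2: the client sends a full URL; accept it only if it parses as an
// absolute http(s) URL whose host is allowlisted. parse_url() separates the
// user-info part from the host, so a lookalike host placed before '@' is
// still compared against the real host and rejected.
function targetByUrl(string $url): ?string
{
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return null;                       // no control characters in a Location header
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;                       // relative, scheme-relative or unparsable
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;                       // keep the accepted shape simple
    }
    if (!in_array(strtolower($p['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $url;
}

$target = targetByIndex($_GET['r'] ?? '');
if ($target === null) {
    http_response_code(400);
    exit('unknown redirect target');
}
// log the hit here, then redirect
header('Location: ' . $target, true, 302);
exit;
```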
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk