| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0000232 | Branch 0.2.1-FINAL | Feature Request | public | 2012-10-07 00:36 | 2016-11-23 11:10 | ||||
| Reporter | Quix0r | ||||||||
| Assigned To | Quix0r | ||||||||
| Priority | urgent | Severity | minor | Reproducibility | N/A | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | PHP5-Latest | OS | Linux | OS Version | 2.6 | ||||
| Product Version | 0.2.1-FINAL | ||||||||
| Target Version | 0.2.1-FINAL | Fixed in Version | 0.2.1-FINAL | ||||||
| Summary | 0000232: Dereferrer gegen Dereferrer-Spam schuetzen | ||||||||
| Description | Der Derferrer unter modules.php?module=loader&url=foobar ist derzeit zum Spamming ausnutzbar, da jede beliebige URL uebergeben werden kann, die dann verlinkt wird (falls das JavaScript dies nicht tut). Der Spammer hat somit eine Moeglichkeit, URL-Sperren zu umgehen und dabei das "Ansehen" (Reputation) der Mailtauschwebseite auszunutzen, um besser in den Suchergebnissen plaziert zu werden. Dies soll durch ein Hashen der URL und ein "Ueberhashen" mit encodeHashForCookie(), damit der Angreifer den Ursprungshash nicht in Erfahrung bringen kann und somit Woerterbuchattacken stark gemindert sind. | ||||||||
| Additional Information | Dazu muss nur die Funktion generateDerefererUrl() und das Script inc/modules/loader.php erweitert werden. | ||||||||
| Tags | dereferrer, fix, protection, spam | ||||||||
| Attached Files |
| ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
| Notes |
|
|
Quix0r (administrator) 2012-10-07 00:52 |
Revision 2841 enthaelt dazu die noetige Aenderung. |
|
Quix0r (administrator) 2016-11-23 11:10 |
Und zu damit. |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-10-07 00:36 | Quix0r | New Issue | |
| 2012-10-07 00:38 | Quix0r | Additional Information Updated | View Revisions |
| 2012-10-07 00:38 | Quix0r | Assigned To | => Quix0r |
| 2012-10-07 00:38 | Quix0r | Status | new => assigned |
| 2012-10-07 00:52 | Quix0r | Note Added: 0000568 | |
| 2012-10-07 00:52 | Quix0r | Status | assigned => resolved |
| 2012-10-07 00:52 | Quix0r | Fixed in Version | => 0.2.1-FINAL |
| 2012-10-07 00:52 | Quix0r | Resolution | open => fixed |
| 2012-10-07 01:09 | Quix0r | Summary | Dereferrer gegen "Redirect-Spam" schuetzen => Dereferrer gegen Dereferrer-Spam schuetzen |
| 2012-10-07 02:27 | Quix0r | Tag Attached: dereferrer | |
| 2012-10-07 02:27 | Quix0r | Tag Attached: fix | |
| 2012-10-07 02:27 | Quix0r | Tag Attached: protection | |
| 2012-10-07 02:27 | Quix0r | Tag Attached: spam | |
| 2016-11-23 11:10 | Quix0r | Note Added: 0000706 | |
| 2016-11-23 11:10 | Quix0r | Status | resolved => closed |
| Issue History |