cross-site ?from can be used for phishing
Using cross-site ?from, the user can be presented with a fake "auth failed" page, which will trick them into logging in again. Since they are now on a different site, the site can capture their user, password, and current token in order to steal their access to the real site.
crackedeggs1 committed Jan 27, 2016
1 parent 4be3ac2 commit 8549ad3
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions login/login.php
Expand Up @@ -84,8 +84,12 @@

//--------------------------------------------------
// Checking which URL we should redirect the user to
if (isset($_POST["from"])) {
$from = urldecode($_POST["from"]);
if (isset($_GET['from'])) {
$from = $_GET['from'];
if (preg_match('#^(?:https?:)?//#', $_GET['from'], $m)) {
$url = parse_url($_GET['from']);
$from = $url['path'] . (!empty($url['query']) ? '?' . $url['query'] : '') . (!empty($url['fragment']) ? '#' . $url['fragment'] : '');
}
$redirectTo = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on")? "https://" : "http://").$_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$from;
}
else {
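Review bot: the new `if (preg_match('#^(?:https?:)?//#', ...` branch only rewrites values that begin with a scheme or `//`; any other value is appended to `$_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"]` unchanged, and nothing checks that `$from` starts with `/`. A request with `?from=@evil.example/` therefore redirects to `http://example.com:80@evil.example/`, which browsers parse as userinfo `example.com:80` and host `evil.example`, so the cross-site redirect this commit sets out to close is still reachable. Suggest requiring a leading slash after the parse_url block, e.g. `if ($from === '' || $from[0] !== '/') { $from = '/'; }`, and guarding the `$url['path']` read, which is unset (an undefined-index notice and an empty path) for a value such as `http://evil.example` that has no path.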

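The following is an added example, not code from this repository or its author, showing how an untrusted `?from` value can be reduced to a same-host path before it is concatenated after `host:port` the way the hunk above does it. The helper names (`safe_from_path`, `build_redirect`), the server name `example.com`, the port, and the attacker-controlled inputs are all assumptions constructed for the example; it requires PHP 7 or later for the `??` operator.

```php
<?php
// Added example (not the project's code): reduce an untrusted "from" value to a
// path on the current host, then build the redirect URL the way the hunk does.
// All names, the server name/port and the inputs below are assumptions.

/**
 * Reduce an untrusted "from" value to a path on the current host.
 * Returns "/" for anything that cannot be expressed as a same-host path.
 */
function safe_from_path(string $from): string
{
    // Absolute and scheme-relative URLs: keep only path, query and fragment.
    // This mirrors the hunk's parse_url branch, but tolerates a missing path
    // and a parse_url() failure instead of reading an unset index.
    if (preg_match('#^(?:https?:)?//#i', $from)) {
        $url = parse_url($from);
        if ($url === false) {
            return '/';
        }
        $from = ($url['path'] ?? '/')
            . (!empty($url['query']) ? '?' . $url['query'] : '')
            . (!empty($url['fragment']) ? '#' . $url['fragment'] : '');
    }

    // Require a leading slash. Without it, a value such as "@evil.example/"
    // is appended directly after "host:port", and the browser reads
    // "host:port" as userinfo and navigates to evil.example instead.
    if ($from === '' || $from[0] !== '/') {
        return '/';
    }

    // Defensive: control characters (CR/LF) have no place in a redirect
    // target and would otherwise reach the Location header.
    if (preg_match('/[\x00-\x1f\x7f]/', $from)) {
        return '/';
    }

    return $from;
}

/** Build the absolute redirect URL as the hunk does, from the sanitized path. */
function build_redirect(string $from, bool $https, string $serverName, int $port): string
{
    return ($https ? 'https://' : 'http://') . $serverName . ':' . $port . safe_from_path($from);
}

// Constructed inputs (not from the page): legitimate values next to the
// bypasses the leading-slash check and the path guard are there to stop.
$cases = [
    '/account?tab=keys',            // legitimate same-host path with a query
    'https://evil.example/login',   // absolute URL: only its path survives
    '//evil.example/login',         // scheme-relative URL: same treatment
    'http://evil.example',          // no path at all: becomes "/"
    '@evil.example/login',          // no leading slash: would become userinfo
    "/x\r\nSet-Cookie: a=b",        // header injection attempt: rejected
];
foreach ($cases as $c) {
    printf("%-30s -> %s\n", str_replace(["\r", "\n"], ['\r', '\n'], $c),
        build_redirect($c, false, 'example.com', 80));
}
```

Every input either ends up as a path on `example.com:80` or is replaced by `/`; the `@evil.example/login` case is the one the hunk as committed still lets through, because it never checks for the leading slash.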