Foren
penetration test - login.jsp
Hussain Shaikh, geändert vor 7 Jahren.
penetration test - login.jsp
Junior Member Beiträge: 44 Beitrittsdatum: 07.06.12 Neueste Beiträge
Hi,
Burp penetration test is failing at login.jsp's
<aui:input name="redirect" type="text" value="<%= redirect %>" />
Issue detail
It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names.
The payload http://5io63uidl5wdupse2a8ua0jt1k7b91xrlj8awz.burpcollaborator.net/?null was submitted in the _58_redirect parameter.
The application performed a DNS lookup of the specified domain.
Request
_58_formDate=1489587340950&_58_redirect=http%3a%2f%2f5io63uidl5wdupse2a8ua0jt1k7b91xrlj8awz.burpcollaborator.net%2f%3fnull&login=userName&password=xyz&captchaText=
Please suggest how to overcome this.
Burp penetration test is failing at login.jsp's
<aui:input name="redirect" type="text" value="<%= redirect %>" />
Issue detail
It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names.
The payload http://5io63uidl5wdupse2a8ua0jt1k7b91xrlj8awz.burpcollaborator.net/?null was submitted in the _58_redirect parameter.
The application performed a DNS lookup of the specified domain.
Request
_58_formDate=1489587340950&_58_redirect=http%3a%2f%2f5io63uidl5wdupse2a8ua0jt1k7b91xrlj8awz.burpcollaborator.net%2f%3fnull&login=userName&password=xyz&captchaText=
Please suggest how to overcome this.
Samuel Kong, geändert vor 7 Jahren.
RE: penetration test - login.jsp
Liferay Legend Beiträge: 1902 Beitrittsdatum: 10.03.08 Neueste Beiträge
Hi Hussain
First of all, I just want to confirm that you're not actually getting redirected to the mentioned URL. If you are redirected, please take a look at the Reporting Security Issues information on how to report a security issue.
If you want to prevent the DNS lookup, you can set the following portal.property to "domain"
However, you'll also need to explicitly list all valid domains using the property
First of all, I just want to confirm that you're not actually getting redirected to the mentioned URL. If you are redirected, please take a look at the Reporting Security Issues information on how to report a security issue.
If you want to prevent the DNS lookup, you can set the following portal.property to "domain"
#
# Set this property to "ip" or "domain" for the redirect security method. If
# set to "domain", the portal will only redirect users to domains listed in
# the property "redirect.url.domain.allowed". If set to "ip", the portal
# will only redirect to domains whose IP address resolve to an IP address
# listed in the property "redirect.url.ip.allowed".
#
#redirect.url.security.mode=domain
redirect.url.security.mode=ip
However, you'll also need to explicitly list all valid domains using the property
#
# Input a list of comma delimited domains which the portal is allowed to
# redirect to. Input a blank list to allow any domain.
#
redirect.url.domains.allowed=
Hussain Shaikh, geändert vor 7 Jahren.
RE: penetration test - login.jsp
Junior Member Beiträge: 44 Beitrittsdatum: 07.06.12 Neueste Beiträge
Hi Samuel,
I confirm that it is not redirecting but performs DNS look up on arbitrary domains.
Thank you for the help, though.
I confirm that it is not redirecting but performs DNS look up on arbitrary domains.
Thank you for the help, though.