| Microsoft Outlook Web Access 'owalogon.asp' Lets Remote Users Redirect Login Requests |
|---|
Category: Vulnerability Posted: 2005-02-07 by ReCall Views: 403
| Details |
|---|
Description: A vulnerability was reported in Microsoft Outlook Web Access (OWA). A remote user can create a login URL that will redirect the user to an alternate page.
exploitlabs.com reported that a remote user can create a specially crafted URL that, when loaded by the target user, will redirect the target user's browser to an alternate page. The URL can contain encoded characters to obfuscate the address of the true destination page.
A demonstration exploit URL is provided:
https://[target]/exchweb/bin/auth/owalogon.asp?url=http://3221234342/
The alternate web page specified by the 'url' parameter may be able to capture authentication information sent by the target user.
The vendor was notified on January 20, 2005.
http://www.exploitlabs.com/files/advisories/expl-a-2005-001-owa.txt
Impact: A remote user can create a login URL that will redirect the user to an alternate page.
Solution: No solution was available at the time of this entry. The vendor plans to add a fix in the next major release.
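
An added example, not part of the original advisory or of the exploitlabs.com report: a log-review check that flags owalogon.asp requests whose 'url' parameter points away from the OWA host, resolving the integer-form address and the encoded characters mentioned in the description. The host mail.example.test and the sample requests are constructed, and matching the parameter name case-insensitively is an assumption about the server.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs, unquote

LOGON_PATH = "/exchweb/bin/auth/owalogon.asp"  # path from the advisory

def normalize_host(host):
    """Lowercase the host; integer-form IPv4 (decimal or 0x hex) becomes dotted quad."""
    host = host.lower().rstrip(".")
    try:
        return str(ipaddress.IPv4Address(int(host, 0)))
    except ValueError:
        return host

def fully_unquote(value, max_rounds=5):
    """Undo repeated percent-encoding, bounded so crafted input cannot loop."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def external_redirect(request_url, owa_host):
    """Return the off-site host named by the 'url' parameter, or None if it stays on-site."""
    parts = urlsplit(request_url)
    if parts.path.lower() != LOGON_PATH:
        return None
    # Assumption: the server matches query-string keys case-insensitively.
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    if "url" not in params:
        return None
    # Browsers treat "\" like "/", so normalize before parsing.
    target = fully_unquote(params["url"][0]).strip().replace("\\", "/")
    host = urlsplit(target).hostname
    if host is None:
        return None  # relative path: stays on the OWA server
    host = normalize_host(host)
    return None if host == owa_host.lower() else host

SAMPLES = [  # constructed requests; mail.example.test is a placeholder host
    "https://mail.example.test/exchweb/bin/auth/owalogon.asp?url=https://mail.example.test/exchange/",
    "https://mail.example.test/exchweb/bin/auth/owalogon.asp?url=http://3221234342/",
    "https://mail.example.test/exchweb/bin/auth/owalogon.asp?URL=http%253A%252F%252F3221234342%252F",
]

def scan(urls, owa_host="mail.example.test"):
    """Return (request, resolved_host) for every request that redirects off-site."""
    return [(u, h) for u in urls if (h := external_redirect(u, owa_host))]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The same comparison, applied server-side before the redirect is issued, is the allowlist form of this check: accept only relative paths or targets whose normalized host equals the OWA host.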