
Author: yaaboukir
Recipients: benjamin.peterson, martin.panter, orsenthil, pitrou, python-dev, soilandreyes, vstinner, yaaboukir
Date: 2015-03-03 00:04:30
Message-id: <1425341070.56.0.117468743202.issue23505@psf.upfronthosting.co.za>

Content
Yes, exploiting this bug an attacker may redirect a specific victim to a malicious website, in our case evil.com
>>> x = urlparse("////evil.com")
///evil.com will be parsed as relative-path URL which is the correct expected behaviour
>>> print x
ParseResult(scheme='', netloc='', path='//evil.com', params='', query='', fragment='')
As you see two slashes are removed and it is marked as a relative-path URL but when we reconstruct the URL using urlunparse() function, the URL is treated as an absolute URL to which you will be redirected.
>>> x = urlunparse(urlparse("////evil.com"))
>>> urlparse(x)
ParseResult(scheme='', netloc='evil.com', path='', params='', query='', fragment='')
History
Date                 User       Action  Args
2015-03-03 00:04:30  yaaboukir  set     recipients: + yaaboukir, orsenthil, pitrou, vstinner, benjamin.peterson, python-dev, martin.panter, soilandreyes
2015-03-03 00:04:30  yaaboukir  set     messageid: <1425341070.56.0.117468743202.issue23505@psf.upfronthosting.co.za>
2015-03-03 00:04:30  yaaboukir  link    issue23505 messages
2015-03-03 00:04:30  yaaboukir  create
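As an added example (not part of this report and not CPython's own code), the check a defender can apply to a user-supplied redirect target before putting it in a Location header. It uses Python 3's urllib.parse; the function names and sample inputs are mine, and the check is written so it rejects the "////evil.com" case whether or not the installed urlunparse() round-trips it unchanged.

```python
from urllib.parse import urlparse, urlunparse


def roundtrip_netlocs(url):
    """Return (netloc after one parse, netloc after parse->unparse->parse).

    This is the observation in the report: the first netloc is empty while
    the second may not be, because urlunparse() can emit a path that starts
    with '//' as a scheme-relative URL.
    """
    first = urlparse(url)
    second = urlparse(urlunparse(first))
    return first.netloc, second.netloc


def is_safe_local_redirect(target):
    """Accept only same-origin, absolute-path targets such as '/account'.

    Rejects any scheme or netloc, and any path starting with '//', which a
    browser resolves against the attacker's host even though urlparse()
    reports an empty netloc for it.
    """
    if not target:
        return False
    parts = urlparse(target)
    if parts.scheme or parts.netloc:
        return False
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return False
    return True


def sanitize_redirect(target, fallback="/"):
    """Return the target if it is safe to redirect to, else the fallback."""
    return target if is_safe_local_redirect(target) else fallback


def roundtrip_is_safe(url):
    """Apply the check to the string that would actually be sent, i.e. the
    value after urlparse()/urlunparse(), not just to the raw input."""
    return is_safe_local_redirect(urlunparse(urlparse(url)))


if __name__ == "__main__":
    # Constructed samples: one benign target and the report's payload.
    for sample in ("/account/home?x=1", "////evil.com", "//evil.com"):
        print(sample, roundtrip_netlocs(sample), sanitize_redirect(sample))
```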