Mailing List Archive

Plugin to detect arbitrary redirection.
Attached is a plugin that detects a specific case of arbitrary
redirection. It should fire on web servers that return the path
requested in the 'Location' header of a 30x response, but fail to
include a '/' separator after the hostname. This flaw allows the server
to be tricked into redirecting to untrusted domains.


Rohan Stelling
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
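
The condition described in the message above can be checked offline against captured responses. The following is an added example, not the attached plugin and not code from the original post; the function name, the `reflected` parameter and the example.com/example.net hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

def classify_location(expected_host, status, location, reflected=""):
    """Classify one captured response: 'ok', 'offsite' or 'missing-separator'.

    expected_host: the hostname the request was sent to
    reflected:     the path text that was requested (hypothetical parameter),
                   used to confirm it is what follows the hostname
    """
    if not 300 <= status < 400 or not location:
        return "ok"                      # not a redirect, nothing to check
    target = urlsplit(location).hostname  # None for a relative Location
    expected = expected_host.lower().rstrip(".")
    if target is None or target.rstrip(".") == expected:
        return "ok"                      # redirect stays on the same host
    # Missing separator: the hostname runs straight into the reflected
    # request text, so the parsed host starts with the expected host
    # but is longer than it.
    tail = target[len(expected):] if target.startswith(expected) else None
    if tail and (not reflected or tail.startswith(reflected.lstrip("/").lower())):
        return "missing-separator"
    return "offsite"                     # different host, unrelated cause

# Constructed sample responses: (host, status, Location header, requested path)
SAMPLES = [
    ("www.example.com", 301, "http://www.example.com/docs/", "docs"),
    ("www.example.com", 301, "http://www.example.comdocs/", "docs"),
    ("www.example.com", 302, "http://www.example.com:8080/docs/", "docs"),
    ("www.example.com", 302, "https://login.example.net/", "docs"),
    ("www.example.com", 302, "/docs/", "docs"),
]

def scan(samples):
    """Return the Location values that show the missing-separator pattern."""
    return [loc for host, status, loc, path in samples
            if classify_location(host, status, loc, path) == "missing-separator"]

if __name__ == "__main__":
    for host, status, loc, path in SAMPLES:
        print(status, loc, "->", classify_location(host, status, loc, path))
```

A `missing-separator` result means the server concatenated the hostname and the requested path without a '/', so the fix belongs in the redirect rule or application code that builds the Location value.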