[issue23505] Urlparse insufficient validation leads to open redirect
Yassine ABOUKIR
report at bugs.python.org
Tue Feb 24 01:11:53 CET 2015
New submission from Yassine ABOUKIR:
The module urlparse lacks proper validation of the input leading to open redirect vulnerability.
The issue is that URLs do not survive the round-trip through `urlunparse(urlparse(url))`. Python sees `/////foo.com` as a URL with no hostname or scheme and a path of `//foo.com`, but when it reconstructs the URL after parsing, it becomes `//foo.com`.
This can be practically exploited this way : http://example.com/login?next=/////evil.com
The for fix this would be for `urlunparse()` to serialize paths with two leading slashes as '/%2F', at least when `scheme` and `netloc` are empty.
----------
components: Library (Lib)
messages: 236470
nosy: yaaboukir
priority: normal
severity: normal
status: open
title: Urlparse insufficient validation leads to open redirect
type: security
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________
More information about the Python-bugs-list
mailing list