[issue23505] Urlparse insufficient validation leads to open redirect
Yassine ABOUKIR
report at bugs.python.org
Tue Mar 3 01:04:30 CET 2015
Yassine ABOUKIR added the comment:
Yes, exploiting this bug an attacker may redirect a specific vitim to a malicious website, in our case evil.com
>>> x = urlparse("////evil.com")
///evil.com will be parsed as relative-path URL which is the correct expected behaviour
>>> print x
>>> ParseResult(scheme='', netloc='', path='//evil.com', params='', query='', fragment='')
As you see two slashes are removed and it is marked as a relative-path URL but when we reconstruct the URL using urlunparse() function, the URL is treated as an absolute URL to which you will be redirected.
>>> x = urlunparse(urlparse("////evil.com"))
>>> urlparse(x)
ParseResult(scheme='', netloc='evil.com', path='', params='', query='', fragment='')
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________
More information about the Python-bugs-list
mailing list