Thread: Facebook OAuth hack by Nir Goldshlager (regex issue in next=YOUR_REDIRECT_URL)

  1. #1

    Facebook OAuth hack by Nir Goldshlager (regex issue in next=YOUR_REDIRECT_URL)

    Dear

    Have you evaluated whether the Spring Security OAuth 1.0.1 release is sensitive to this hack?
    http://www.nirgoldshlager.com/2013/0...-get-full.html
    Cheers,
    ++ Antoine

  2. #2

    If you had a custom RedirectResolver you could probably expose yourself to the same attack. The DefaultRedirectResolver is not a regex matcher - take a look for yourself.
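
Added example, not from either poster and not Spring Security OAuth's own code: a loose regex check of the kind a custom redirect resolver might use, beside an exact-match check, run over constructed redirect values. The client registration, class name and method names are hypothetical, and the class does not implement Spring's `RedirectResolver` interface.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class RedirectCheckDemo {
    // Constructed registration for a hypothetical client.
    static final Set<String> REGISTERED = Set.of("https://app.example.com/oauth/callback");

    // Loose check: anchored at the start only, dots unescaped,
    // and nothing pins where the host name ends.
    static final Pattern LOOSE = Pattern.compile("^https://app.example.com");

    static boolean looseAccepts(String requested) {
        return LOOSE.matcher(requested).find();
    }

    // Strict check: a well-formed absolute https URI with no userinfo or fragment,
    // and an exact string match against a registered value (no prefix, no pattern).
    static boolean strictAccepts(String requested) {
        try {
            URI u = new URI(requested);
            return "https".equals(u.getScheme())
                    && u.getHost() != null
                    && u.getRawUserInfo() == null
                    && u.getRawFragment() == null
                    && REGISTERED.contains(requested);
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs for regression-testing a redirect check; value = expected strict result.
        Map<String, Boolean> expected = new LinkedHashMap<>();
        expected.put("https://app.example.com/oauth/callback", true);
        expected.put("https://app.example.com.other.example/oauth/callback", false);
        expected.put("https://appXexample.com/oauth/callback", false);
        expected.put("https://app.example.com@other.example/oauth/callback", false);
        expected.put("https://app.example.com/oauth/callback/../../files", false);
        for (Map.Entry<String, Boolean> e : expected.entrySet()) {
            boolean strict = strictAccepts(e.getKey());
            if (strict != e.getValue()) throw new AssertionError(e.getKey());
            System.out.printf("loose=%-5b strict=%-5b %s%n", looseAccepts(e.getKey()), strict, e.getKey());
        }
    }
}
```

The loose pattern accepts all five inputs, while the exact-match check accepts only the registered callback.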
