Edgewall Software

Ticket #3684 (closed defect: worksforme)

Opened 2 years ago

Last modified 2 years ago

Susceptible to spammy redirects

Reported by: anonymous
Owned by: cboos
Priority: high
Milestone:
Component: ticket system
Version: 0.9.6
Severity: major
Keywords:
Cc:

Description

Spammers upload attachments, then spamvertize them (typically comment spamming on blogs etc) with ?format=raw behind the URL. Then the redirects work.

Spammy redirects using holes in software are the new spam technique, and need to be plugged wherever the hole is used.

Details here: http://spamhuntress.com/2006/09/07/trac-ticket-system-susceptible-to-redirects/

Attachments

Change History

Changed 2 years ago by cboos

  • keywords needinfo added
  • owner changed from jonas to cboos
  • milestone set to 0.10

Live from irc:

<cboos> actually, when I tried to see them, I could see the source, but trying to view the "Original Format" redirected me to some other point in the web... The spam html files did contain <script> tags, and the javascript code must have done the redirect
<cboos> ... so probably lighttpd has the render_unsafe_content flag set to true ... or there's a problem with that part of the code

We should check whether the render_unsafe_content TracIni#attachment flag works as expected.

Changed 2 years ago by mgood

  • keywords needinfo removed
  • status changed from new to closed
  • resolution set to worksforme
  • milestone 0.10 deleted

I just verified with one of the Lighttpd admins that render_unsafe_content was set to true, so this just seems to be a config issue.
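The two comments above describe the whole mechanism: a `?format=raw` download of an uploaded HTML attachment is rendered by the browser, so a `<script>` redirect inside it runs, unless `[attachment] render_unsafe_content` is off. The following is an added illustration, not Trac's own code; it models that serving decision in a simplified form. The trac.ini fragments are constructed, and the header policy for the "off" case (downgrade to text/plain, force download) is an assumption chosen to show the defensive effect, not a description of Trac's exact implementation.

```python
"""Simplified model of hardening raw attachment downloads with a
`[attachment] render_unsafe_content` flag.

Added example, not Trac's code: the function names and the exact header
policy below are assumptions made for illustration.
"""
import configparser

# Content types a browser renders inline and runs scripts from.
# The set is an assumption for this example.
UNSAFE_INLINE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}

# Constructed trac.ini fragments: the weak setting the ticket found on the
# affected server, and the hardened one.
WEAK_INI = """
[attachment]
render_unsafe_content = true
"""

SAFE_INI = """
[attachment]
render_unsafe_content = false
"""


def render_unsafe_content(ini_text: str) -> bool:
    """Read the flag from a trac.ini fragment; a missing option counts as off."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    return cfg.getboolean("attachment", "render_unsafe_content", fallback=False)


def raw_attachment_headers(ini_text: str, filename: str, content_type: str) -> dict:
    """Decide response headers for `?format=raw` on an attachment.

    Flag on: the attachment's own content type is passed through, so an
    uploaded HTML file is rendered and any <script> in it (e.g. a redirect)
    executes in the visitor's browser.
    Flag off: renderable types are downgraded to text/plain and forced to
    download, so the file is displayed as text rather than executed.
    """
    if render_unsafe_content(ini_text) or content_type not in UNSAFE_INLINE_TYPES:
        return {
            "Content-Type": content_type,
            "Content-Disposition": f'inline; filename="{filename}"',
        }
    return {
        "Content-Type": "text/plain",
        "Content-Disposition": f'attachment; filename="{filename}"',
        # Stop browsers from sniffing the body back to HTML.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed case: an uploaded HTML attachment requested with ?format=raw.
    for label, ini in (("weak", WEAK_INI), ("hardened", SAFE_INI)):
        print(label, raw_attachment_headers(ini, "page.html", "text/html"))
```

Running the block prints the two header sets side by side: under the weak setting the HTML is served as `text/html` inline, under the hardened one it becomes a forced `text/plain` download. Checking the live value of this option on the server is the first thing to do when a Trac site is reported as an open redirect via attachments, as mgood's verification above shows.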
