
Ticket #3684 (closed defect: worksforme)

Opened 4 years ago

Last modified 4 years ago

Susceptible to spammy redirects

Reported by: anonymous Owned by: cboos
Priority: high Milestone:
Component: ticket system Version: 0.9.6
Severity: major Keywords:
Cc:

Description

Spammers upload attachments, then spamvertize them (typically comment spamming on blogs etc) with ?format=raw behind the URL. Then the redirects work.

Spammy redirects using holes in software are the new spam technique, and need to be plugged wherever the hole is used.

Details here: http://spamhuntress.com/2006/09/07/trac-ticket-system-susceptible-to-redirects/

Attachments

Change History

comment:1 Changed 4 years ago by cboos

  • Keywords needinfo added
  • Owner changed from jonas to cboos
  • Milestone set to 0.10

Live from irc:

<cboos> actually, when I tried to see them, I could see the source, but trying to view the "Original Format" redirected me to some other point in the web... The spam html files did contain <script> tags, and the javascript code must have done the redirect
<cboos> ... so probably lighttpd has the render_unsafe_content flag set to true ... or there's a problem with that part of the code

We should check whether the render_unsafe_content TracIni#attachment flag works as expected.

comment:2 Changed 4 years ago by mgood

  • Keywords needinfo removed
  • Status changed from new to closed
  • Resolution set to worksforme
  • Milestone 0.10 deleted

I just verified with one of the Lighttpd admins that render_unsafe_content was set to true, so this just seems to be a config issue.
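As an added illustration of the setting discussed in comment:1 and comment:2 (example code, not Trac's own), the following reads `[attachment] render_unsafe_content` from a trac.ini fragment and shows how a `?format=raw` response for a browser-renderable attachment should be served under each value. The header logic and the list of unsafe MIME types are a simplified model of the behaviour described in the ticket, not a copy of Trac's implementation.

```python
"""Audit the Trac [attachment] render_unsafe_content option.

Added example, not Trac's code. Reads a trac.ini fragment with configparser
and derives the response headers a raw attachment download should carry.
"""
import configparser

# MIME types a browser would render/execute inline. Assumption: a small
# illustrative set, not Trac's own list.
UNSAFE_MIMETYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}


def read_render_unsafe_content(trac_ini_text):
    """Effective value of [attachment] render_unsafe_content (default false)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(trac_ini_text)
    return cfg.getboolean("attachment", "render_unsafe_content", fallback=False)


def raw_attachment_headers(mimetype, render_unsafe_content):
    """Headers for serving an attachment with format=raw.

    With the flag off, renderable content is forced to download, so an
    embedded <script> redirect never executes in the site's origin.
    X-Content-Type-Options is an extra defensive header added here; it is
    not something the ticket mentions.
    """
    headers = {"Content-Type": mimetype, "X-Content-Type-Options": "nosniff"}
    if mimetype in UNSAFE_MIMETYPES and not render_unsafe_content:
        headers["Content-Disposition"] = "attachment"
    return headers


def audit(trac_ini_text):
    """Return findings for a trac.ini fragment (empty list means no issue)."""
    findings = []
    if read_render_unsafe_content(trac_ini_text):
        findings.append("[attachment] render_unsafe_content = true: HTML "
                        "attachments are rendered inline via ?format=raw")
    return findings


# Constructed trac.ini fragments for demonstration.
UNSAFE_INI = "[attachment]\nrender_unsafe_content = true\n"
SAFE_INI = "[attachment]\nrender_unsafe_content = false\n"

if __name__ == "__main__":
    for name, ini in (("unsafe", UNSAFE_INI), ("safe", SAFE_INI)):
        flag = read_render_unsafe_content(ini)
        print(name, audit(ini), raw_attachment_headers("text/html", flag))
```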
