Yassine ABOUKIR added the comment:

Yes, exploiting this bug, an attacker may redirect a specific victim to a malicious website, in our case evil.com

>>> x = urlparse("////evil.com")

///evil.com will be parsed as relative-path URL which is the correct expected behaviour

>>> print x
ParseResult(scheme='', netloc='', path='//evil.com', params='', query='', fragment='')

As you see, two slashes are removed and it is marked as a relative-path URL, but when we reconstruct the URL using urlunparse() function, the URL is treated as an absolute URL to which you will be redirected.

>>> x = urlunparse(urlparse("////evil.com"))
>>> urlparse(x)
ParseResult(scheme='', netloc='evil.com', path='', params='', query='', fragment='')

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________
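A defensive check for redirect targets that accounts for the round-trip behaviour reported above. This is an added example, not code from the original message or from CPython; `is_safe_redirect` and the `ALLOWED_HOSTS` value are hypothetical, and it uses Python 3's `urllib.parse` rather than the Python 2 `urlparse` module shown in the report.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allow-list for this example.
ALLOWED_HOSTS = frozenset({"example.org"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only a same-site absolute path or an allow-listed http(s) URL."""
    # Reject empty input, backslashes (browsers treat them like "/"),
    # and whitespace/control characters that parsers may silently strip.
    if not target or "\\" in target:
        return False
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False

    try:
        first = urlsplit(target)
        # Re-serialise and parse again. The report shows that this round trip
        # can turn a path-only result into one that carries a netloc.
        second = urlsplit(urlunsplit(first))
    except ValueError:
        return False

    # Whatever was validated must still be what gets emitted.
    if (first.scheme, first.netloc) != (second.scheme, second.netloc):
        return False

    if first.scheme or first.netloc:
        # Absolute or scheme-relative URL: require http(s) and a known host.
        return first.scheme in ("http", "https") and first.hostname in allowed_hosts

    # Relative target: exactly one leading slash. A path starting with "//"
    # becomes a scheme-relative URL as soon as it is written out unchanged.
    return first.path.startswith("/") and not first.path.startswith("//")


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["/account/settings?tab=1", "https://example.org/next",
                      "////evil.com", "//evil.com", "https://evil.com/"]:
        print(f"{candidate!r:32} -> {is_safe_redirect(candidate)}")
```

The explicit `//` path check keeps the result the same whether or not the interpreter's `urlunsplit` preserves the extra slashes.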