This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 197738

Summary: Open redirect on netbeans.org newsletter
Product: www
Reporter: akochnev <akochnev>
Component: Web Content
Assignee: Jan Pirek <jpirek>
Status: NEW
Severity: normal
Priority: P2
Version: 7.0.1
Hardware: PC
OS: Linux
Issue Type: DEFECT

Description akochnev 2011-04-14 12:02:30 UTC
This is currently being used when the newsletters are published; the URL looks like this:

http://netbeans.org/jump.html?url=http%3A%2F%2Fwww.troymaxventures.com%2F2011%2F04%2Fprogrammatically-working-with-databases.html&intcmp=925655

Obviously, the idea is for users to see that this is an item published on netbeans.org, but when they click on the link they are redirected to the target site.

This open redirect can be used for phishing attacks, for sending users to unsavory sites and making it look like it was all sanctioned by NetBeans, e.g.:

http://netbeans.org/jump.html?url=http%3A%2F%2Fwww.evil.org&intcmp=925655

would redirect the user to www.evil.org.

More details on the subject at http://cwe.mitre.org/data/definitions/601.html and https://www.owasp.org/index.php/Open_redirect
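An added example, not part of the bug report or of the netbeans.org site code: a Python check of the kind a jump.html-style redirector needs, which follows the url parameter only when it is an absolute http(s) URL whose host is on an allowlist, and otherwise sends the user to a fallback page. The allowlist hosts and the fallback URL are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist for the example; the real set of newsletter
# destinations is not on the page.
ALLOWED_HOSTS = {"netbeans.org", "www.netbeans.org", "www.troymaxventures.com"}
ALLOWED_SCHEMES = {"http", "https"}
FALLBACK = "http://netbeans.org/"  # assumed safe landing page


def resolve_jump_target(query_string, allowed_hosts=ALLOWED_HOSTS):
    """Return the redirect target for a jump.html query string, or FALLBACK
    when the url parameter is missing or points outside the allowlist.
    The intcmp tracking parameter is ignored for the decision."""
    params = parse_qs(query_string, keep_blank_values=True)
    raw = params.get("url", [""])[0]  # parse_qs already percent-decodes
    if not raw:
        return FALLBACK
    # Some browsers treat backslashes as slashes; normalise before parsing so
    # "http:\\evil" is judged by the host it would actually reach.
    raw = raw.replace("\\", "/")
    parts = urlsplit(raw)
    # Require an absolute http(s) URL: this rejects scheme-relative "//host",
    # "javascript:"/"data:" targets and bare relative paths.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return FALLBACK
    # .hostname drops userinfo and port, so "http://netbeans.org@evil.org"
    # is judged by "evil.org", not by the decoy before the "@".
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        return FALLBACK
    return raw
```

The first query string in the report is accepted unchanged; the www.evil.org variant and the common bypass shapes all fall through to the fallback.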