Facebook OAuth hack by Nir Goldshlager (regex issue in next=YOUR_REDIRECT_URL)

  • Facebook OAuth hack by Nir Goldshlager (regex issue in next=YOUR_REDIRECT_URL)

    Dear

    Have you evaluated if the Spring Security OAuth 1.0.1 release is sensitive to this hack?
    http://www.nirgoldshlager.com/2013/0...-get-full.html
    Cheers,
    ++ Antoine

  • #2
    If you had a custom RedirectResolver you could probably expose yourself to the same attack. The DefaultRedirectResolver is not a regex matcher - take a look for yourself.

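The difference between a regex-based redirect check and an exact comparison, as an added example that is not part of the thread and is not code from Spring Security OAuth or Facebook. The class, pattern, registered URL and sample inputs are all constructed for illustration; the loose pattern is a generic weak matcher, not the one from the linked write-up, and the strict check is not the DefaultRedirectResolver implementation.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.regex.Pattern;

public class RedirectCheckDemo {
    // Constructed registration for a hypothetical client.
    static final Set<String> REGISTERED = Set.of("https://app.example.com/callback");

    // Weak: the dots are unescaped and find() is unanchored, so the pattern
    // can match anywhere inside an otherwise unrelated URL.
    static final Pattern LOOSE = Pattern.compile("https://app.example.com/callback");

    static boolean regexAllows(String requested) {
        return LOOSE.matcher(requested).find();
    }

    // Strict: parse, normalize, reject userinfo and fragments, then require
    // an exact match against a registered value.
    static boolean strictAllows(String requested) {
        try {
            URI u = new URI(requested).normalize();
            if (u.getRawUserInfo() != null || u.getRawFragment() != null) {
                return false;
            }
            return REGISTERED.contains(u.toString());
        } catch (URISyntaxException e) {
            return false; // unparseable input is never a valid redirect
        }
    }

    public static void main(String[] args) {
        // Constructed inputs a validator's unit tests should cover.
        String[] samples = {
            "https://app.example.com/callback",                                 // registered value
            "https://other.example.net/?next=https://app.example.com/callback", // pattern inside query
            "https://appXexample.com/callback",                                 // unescaped dot
            "https://app.example.com/callback/../elsewhere",                    // path traversal
        };
        for (String s : samples) {
            System.out.printf("%-68s regex=%-5b strict=%b%n",
                    s, regexAllows(s), strictAllows(s));
        }
    }
}
```

The regex check accepts all four inputs, while the strict check accepts only the first.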