Hey $MegaCorp! Did you notice that it's easy to take the client URL and hijack a session with CSS? I can just append any old URL and the browser will be redirected! We need a solution!Yeah, we need one, too. This one's been documented a dozen times. There are a few things to consider though:
- It can't be exploited if you're using HTTPS
- It can't be exploited if you're using cookies
- There's no reason not to use HTTPS in any sensitive environment
- Since the URL is coming from within the trusted system, there's not much threat
- What little threat exists is the same as any other sort of hack against your server
Setting up HTTPS on IIS is fucking point-and-click. If your "admin" is so incompetent that he can't set up SSL on fucking IIS, fire the fuckwit and hire a high school student. All it takes is a click, a right click, a click, a check that the port is 443, three more clicks, selecting a checkbox, then two more clicks. A drunk macaque could enable SSL within a day.
Official Root cause: 1-Defect.
True Root cause: 17-Fuckwit.
|< The Wheels on the Car go . . . | BBC White season: 'Rivers of Blood' >|