ZH2005-14SA.txt

01 Jul 2005 | Reported by Giovanni Delvecchio | Type: packetstorm | Source: packetstormsecurity.com

Phishing vulnerabilities on MSN allow attackers to redirect users to malicious sites.

Code
`[ZH2005-14SA] Phishing problems on MSN  
  
Date: July 1st 2005  
  
Author: Giovanni Delvecchio  
  
email: [email protected]  
  
  
  
Overview  
=======  
Multiple phishing problems exist on support.msn.com that allow an  
attacker to conduct phishing attacks against a user.  
  
  
Details  
=====  
1) Input passed to the "ru" parameter in "pplogin.aspx" isn't properly  
sanitised before being returned to the user.  
  
  
Example:  
  
http://support.msn.com/pplogin.aspx?ru=http://www.evil-site.com">www.msn.com/  
  
or  
  
http://support.msn.com/pplogin.aspx?ru=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%76%69%6C%2D%73%69%74%65%2E%63%6F%6D%22%3E%77%77%77%2E%6D%73%6E%2E%63%6F%6D/  
  
The problem has been fixed today.  
  
A screenshot is available here:  
http://www.zone-h.org/files/49/msn1.jpg  
  
  
  
2) Input passed to the 'mspplogin' parameter isn't properly sanitised, and by  
using a specially crafted URL an attacker can cause the user to be redirected  
to an arbitrary URL for the Passport authentication.  
  
  
Example:  
http://support.msn.com/pplogin.aspx?msppchlg=1&mspplogin=http://www.evil-site.com/login.srf%3F  
  
This problem has not been fixed at the moment.  
  
  
  
Reference  
=======  
http://www.zone-h.org/advisories/read/id=7764  
  
  
`
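
A server-side check for the two parameters the advisory describes, as an added example that is not part of the original advisory or of MSN's code: the return target is validated against a host allowlist before any redirect, and escaped for the HTML attribute context before it is reflected. `ALLOWED_HOSTS`, `FALLBACK`, the placeholder host `login.example.net` and all function names are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist: login.example.net is a placeholder sign-in host.
ALLOWED_HOSTS = {"support.msn.com", "www.msn.com", "login.example.net"}
FALLBACK = "https://support.msn.com/"
# Quotes, angle brackets, backslash, space and control characters never
# belong in a redirect target that will also be written into markup.
FORBIDDEN = set('"\'<>\\') | {chr(c) for c in range(0x21)}


def param(request_url, name):
    """Return the percent-decoded value of one query parameter ('' if absent)."""
    return parse_qs(urlsplit(request_url).query).get(name, [""])[0]


def safe_target(value):
    """Return value if it is an https URL on an allowed host, else FALLBACK."""
    if not value or any(ch in FORBIDDEN for ch in value):
        return FALLBACK
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return FALLBACK
    # Reject userinfo ("allowed-host@other-host") and non-https schemes.
    if parts.scheme != "https" or parts.username is not None:
        return FALLBACK
    # Exact host match: suffix or substring matching would accept
    # names such as support.msn.com.other-domain.tld.
    if parts.hostname not in ALLOWED_HOSTS:
        return FALLBACK
    return value


def render_link(value):
    """Reflect a validated target into an href, escaped for that context."""
    target = html.escape(safe_target(value), quote=True)
    return f'<a href="{target}">Continue</a>'


# Constructed requests using the parameter names from the advisory.
PLAIN = 'http://support.msn.com/pplogin.aspx?ru=http://www.evil-site.com">www.msn.com/'
ENCODED = ("http://support.msn.com/pplogin.aspx?ru=%68%74%74%70%3A%2F%2F%77%77%77"
           "%2E%65%76%69%6C%2D%73%69%74%65%2E%63%6F%6D%22%3E%77%77%77%2E%6D%73%6E"
           "%2E%63%6F%6D/")
REDIRECT = ("http://support.msn.com/pplogin.aspx?msppchlg=1"
            "&mspplogin=http://www.evil-site.com/login.srf%3F")
```

The check runs on the decoded parameter value, so the plain and percent-encoded forms of the same input are treated identically.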
