Bug #20381

closed

Shortcut icon maps to wrong URL

Added by Michael Stucki about 15 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-04-30
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If page.shortcutIcon is set, TYPO3 adds the following code to the header of the website:

<link rel="shortcut icon" href="http://typo3-site-url/fileadmin/.../favicon.ico" />
<link rel="icon" href="http://typo3-site-url/fileadmin/.../favicon.ico" />

However, the site URL can be spoofed by a potential attacker:

1. Update /etc/hosts so that your evil domain points to the IP of the target server
2. Wait until the cache is cleared or times out (24h by default)
3. Request the website via your evil domain, and make sure to be the first one

Result: The cached website contains a reference to http://www-your-evil-domain.com/fileadmin/.../favicon.ico, so you get notice of every client that requests the target website.

(issue imported from #M11015)
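An added example, not TYPO3's code or the attached patch: the unsafe pattern the report describes next to a hardened version that only honours the Host header when it matches an operator-maintained allowlist and otherwise falls back to a configured canonical base URL. The function names, `$trustedHosts` and `$canonicalBase` are assumptions for illustration, not TYPO3 settings.

```php
<?php
// Added example (not TYPO3 code): why absolute URLs built from the Host
// header poison a shared page cache, and one way to harden the pattern.

// Unsafe pattern: trusts whatever Host the first requester sent. Once the
// rendered page is cached, every later visitor receives this href.
function shortcutIconLinksUnsafe(array $server, string $iconPath): string
{
    $base = 'http://' . $server['HTTP_HOST'];
    return '<link rel="shortcut icon" href="' . $base . $iconPath . '" />' . "\n"
         . '<link rel="icon" href="' . $base . $iconPath . '" />' . "\n";
}

// Hardened pattern: the Host header is used only if it is on an allowlist;
// otherwise the configured canonical base URL wins, so a spoofed Host can
// never end up in the cached markup. $trustedHosts and $canonicalBase are
// assumed configuration values.
function shortcutIconLinksSafe(array $server, string $iconPath,
                               array $trustedHosts, string $canonicalBase): string
{
    $host = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    // Strip an optional port and compare exact lowercase host names only.
    $hostNoPort = preg_replace('/:\d+$/', '', $host);
    if ($hostNoPort !== '' && in_array($hostNoPort, $trustedHosts, true)) {
        $base = 'http://' . $host;
    } else {
        $base = rtrim($canonicalBase, '/');
    }
    $href = htmlspecialchars($base . $iconPath, ENT_QUOTES, 'UTF-8');
    return '<link rel="shortcut icon" href="' . $href . '" />' . "\n"
         . '<link rel="icon" href="' . $href . '" />' . "\n";
}

// Constructed request: the first hit after the cache expired arrives with
// a Host value that points at the attacker's domain.
$spoofed = ['HTTP_HOST' => 'www-your-evil-domain.com'];
$icon    = '/fileadmin/templates/favicon.ico';
$trusted = ['typo3-site-url'];

echo shortcutIconLinksUnsafe($spoofed, $icon);
// href now references the attacker's host and would be cached for everyone.
echo shortcutIconLinksSafe($spoofed, $icon, $trusted, 'http://typo3-site-url');
// href references http://typo3-site-url/... regardless of the Host header.
```

Emitting a site-root-relative href (just `$iconPath`) avoids the problem entirely where an absolute URL is not required.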


Files

bug_11015.diff (679 Bytes), Administrator Admin, 2009-04-30 13:15

Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #30377: Cache poisoning through http(s) enforcement feature (Closed, Steffen Ritter, 2011-09-28)
