Potential security issue with people adding a trailing '.' to your domain

Jul 15, 2009 23:05

If you have domain forwarding enabled, a user can take control of www.sitename.com. (note the trailing dot) and possibly get hold of the user's master cookie, as well as do some other pretty vile things. The trailing dot makes the name an absolute FQDN, so it still resolves to the same server and arrives in the Host header, but as a string it no longer matches the site's own domain check and the request falls through to the user domain-forwarding code.

Adding $host =~ s/\.$//; on line 256 of cgi-bin/Apache/LiveJournal.pm should correct this issue, by stripping the trailing dot before the host is matched.
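The following is an added illustration of the problem and the fix, not code from LiveJournal.pm: it models a host-routing check that compares the Host header first against the site's own names and then against a user domain-forwarding table, and shows that "www.sitename.com." only reaches the user table when the trailing dot is left in place. The subroutine names, the site configuration and the forwarding table are constructed for the example and are not LiveJournal's real config.

```perl
#!/usr/bin/perl
# Added example (not LiveJournal's own code): a trailing dot in the Host
# header slips past an exact-match check on the site's own domain and falls
# through to the user-controlled domain-forwarding lookup. Stripping the dot
# before routing, as the post's one-line fix does, closes the hole.
use strict;
use warnings;

# Assumed site configuration (hypothetical names).
my $SITE_DOMAIN = 'sitename.com';
my %SITE_HOSTS  = map { $_ => 1 } ('sitename.com', 'www.sitename.com');

# Constructed user domain-forwarding table: a user has registered
# "www.sitename.com." as a forwarding domain. Without normalisation the
# dotted form is a different string from the site's own name, so nothing
# in a plain equality check stops it from being set.
my %USER_DOMAINS = (
    'www.sitename.com.' => 'attacker',
    'blog.example.org'  => 'alice',
);

# Vulnerable routing: matches the Host header as received.
sub route_host_vulnerable {
    my ($host) = @_;
    $host = lc $host;
    $host =~ s/:\d+$//;                      # drop an explicit port
    return 'site' if $SITE_HOSTS{$host};
    return "user:$USER_DOMAINS{$host}" if exists $USER_DOMAINS{$host};
    return 'unknown';
}

# Hardened routing: identical, with the fix from the post applied first.
sub route_host_fixed {
    my ($host) = @_;
    $host = lc $host;
    $host =~ s/:\d+$//;
    $host =~ s/\.$//;                        # strip the trailing dot of an absolute FQDN
    return 'site' if $SITE_HOSTS{$host};
    return "user:$USER_DOMAINS{$host}" if exists $USER_DOMAINS{$host};
    return 'unknown';
}

# The same normalisation belongs where users register forwarding domains,
# so the site's own names cannot be claimed in dotted form in the first
# place (hypothetical check, assumed rather than taken from the page).
sub can_register_domain {
    my ($domain) = @_;
    $domain = lc $domain;
    $domain =~ s/\.$//;
    return 0 if $SITE_HOSTS{$domain};
    return 0 if $domain =~ /(^|\.)\Q$SITE_DOMAIN\E$/;   # any subdomain of the site
    return 1;
}

for my $h ('www.sitename.com', 'www.sitename.com.', 'WWW.SITENAME.COM.:80', 'blog.example.org') {
    printf "%-24s vulnerable=%-14s fixed=%s\n",
        $h, route_host_vulnerable($h), route_host_fixed($h);
}
printf "register 'www.sitename.com.' allowed? %d\n",
    can_register_domain('www.sitename.com.');
```

Run it with plain perl; the dotted host routes to "user:attacker" through the vulnerable path and to "site" through the fixed one. Note that the port is removed before the dot, since "www.sitename.com.:80" is also a valid Host value and the dot is only at the end of the string once the port is gone.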

server: domains, security bug reports, *announce, server


Comments 3

pauamma July 16 2009, 16:16:12 UTC

(The comment has been removed)

pauamma July 16 2009, 17:26:54 UTC
If you have an alternative that's as good as or better than this as a fix for the security problem, and addresses your concern, feel free to use it and/or to post it here. :-)


exor674 July 16 2009, 18:10:42 UTC
Well, the alternative would have required changing tons of regexes, config on the site, more complex code to add the . if it wasn't there, and potentially breaking the domain forwarding of every single user who has it set up.


