Hello,
If I'm right, the problem is that all others can use your u= and redirect users from other sites? What if you rename u to anything else? And Base64 encode the URL?
The only thing I can add is that out checks if the referrer is coming from your site; if not, you will land on your index page? Or which suggestions do you have?
Best regards,
Alex
Social Engineering
Re: Social Engineering
That would be a good solution! Can you update here, when this is changed?
Re: Social Engineering
Hello, I will add it and I will let you know.
Best regards,
Alex
Re: Social Engineering
texpert wrote: ↑Sat Feb 06, 2021 1:13 pm
Hello,
If I'm right, the problem is that all others can use your u= and redirect users from other sites? What if you rename u to anything else? And Base64 encode the URL?
The only thing I can add is that out checks if the referrer is coming from your site; if not, you will land on your index page? Or which suggestions do you have?
Best regards,
Alex
Anyone can also add any URL after purl, or plug, as well. Otherwise known as a parasite. This is a big problem. The only solution I know is to rename your out.php. But even then it does not prevent them from using the new out path. Unless TE can provide an update that checks if any domain being used after u or purl, or plug can be 'validated' against a separate whitelist of domains within the script. Since sometimes we want to plug URLs that are not trades, and also check from the active trade list. If it does not pass, it goes to a redirect block path or to a specified page like 404. It's quite annoying as it is now with links like:
TE3/out.php?purl=https://boardstrike.ru/MvAaypY.htm
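The allowlist check proposed in the post above, sketched as an added example (not part of the thread and not the TE script's own code). The function names, the block page path and all `.example` hostnames are assumptions made for illustration; the trade list would come from the script's own data.

```php
<?php
// Added example with constructed hostnames; not code from the TE script.
const EXTRA_ALLOWED_HOSTS = ['partner.example'];  // manual plugs that are not trades
const BLOCK_PATH = '/blocked.html';               // hypothetical "redirect block" page

/** Return the lowercase host if $url is an absolute http(s) URL, else null. */
function redirect_host(string $url): ?string
{
    // Whitespace, control characters and backslashes are parsed differently by browsers.
    if (preg_match('/[\x00-\x20\\\\]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;  // relative, scheme-relative (//host) or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // user@host makes the visible prefix differ from the real host; refuse it.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return rtrim(strtolower($parts['host']), '.');
}

/** Decide where out.php should send the visitor for a u/purl/plug value. */
function resolve_redirect(string $url, array $tradeHosts): string
{
    $host = redirect_host($url);
    $allowed = array_merge($tradeHosts, EXTRA_ALLOWED_HOSTS);
    // Exact host match only: suffix or substring checks let look-alike domains through.
    return ($host !== null && in_array($host, $allowed, true)) ? $url : BLOCK_PATH;
}

// Constructed sample input: active trade list and candidate parameter values.
$trades = ['trade-one.example', 'trade-two.example'];
$samples = [
    'https://trade-one.example/in.php',
    'https://partner.example/gallery',
    'https://unknown.example/page.htm',
    'https://trade-one.example@unknown.example/',
    '//unknown.example/',
    'ftp://trade-one.example/file',
];
foreach ($samples as $s) {
    printf("%-45s -> %s\n", $s, resolve_redirect($s, $trades));
}
```

Only the first two samples are passed through; every other value resolves to the block page instead of being sent in a `Location` header.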