prevent Knurl from redirecting to itself
christefano - April 6, 2009 - 18:43
| Project: | Knurl |
| Version: | 6.x-1.0 |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
It seems pretty easy to DoS a site running Knurl by creating a knurl that redirects to another knurl that redirects to the first knurl.

#1
Sanitising the input when the form is validated would seem to be easy for a single site, but here's the rub:
Any 2 sites using this module could be used to DOS the other (presumably with a 'winner' and a 'loser' as one of them gets knocked off and stops DOS'ing the other.)
So hopefully a patch will take this into account as well.
- Forest Mars