Hello dev-members, 

We are trying to run our public Galaxy instance in a more secure manner. Currently I am playing with a few test cases about redirection vulnerabilities.

The following link uses a URL variable called “redirect_url” to redirect a user to a given page. While this variable is intended to only direct a user to a trusted page, it fails to validate the provided value and therefore can be used to redirect to any page.

http://localhost:8080/datasets/332056/display_at/ucsc_test?redirect_url=http://www.google.com&display_url=http://localhost:8080/root

This example redirects a user to Google, but it could just as easily be used to direct a user to a page that contains any malware. 

To resolve the issue, maybe validate all user-controlled input, including the GET request variables. If the input is intended to redirect a user, it must be validated to ensure it only presents them with a page on the trusted site.

Any comments or suggestions on how to work around this?

thanks
--/Vipin

Rätschlab, Computational biology dept. 
Memorial Sloan-Kettering Cancer Center
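The check the post asks for, as an added example that is not part of the original message and not Galaxy's own code: a small Python validator for a user-supplied redirect target such as the redirect_url parameter above. The trusted host set (localhost:8080) and the fallback landing page (/root) are assumptions taken from the example URL in the post; a real deployment would fill them from its own configuration. Beyond the plain http://www.google.com case it also rejects the usual bypasses of a naive "starts with /" check: scheme-relative //host URLs, javascript: and other non-http schemes, user@host tricks, backslashes (which browsers treat as forward slashes) and CR/LF characters that could split the Location header.

```python
"""Added example (not Galaxy code): validate a user-supplied redirect target
before issuing a 302 so it can only land on the trusted site."""
from urllib.parse import urlsplit

# Assumed: the host(s) this Galaxy instance is served from, and the page to
# fall back to when the supplied redirect target is rejected.
TRUSTED_HOSTS = {"localhost:8080"}
DEFAULT_LANDING = "/root"


def is_safe_redirect(url, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if `url` is a site-relative path on this site or an
    absolute http(s) URL whose host is one of `trusted_hosts`."""
    if not url or not isinstance(url, str):
        return False
    # Reject CR/LF/tab (header splitting, and stripped silently by some URL
    # parsers), backslashes (browsers treat "\" like "/"), and surrounding
    # whitespace, before handing the string to urlsplit.
    if any(c in url for c in "\r\n\t\\") or url != url.strip():
        return False
    parts = urlsplit(url)
    if parts.scheme:
        # Absolute URL: only http/https, and only to a trusted host. A netloc
        # like "localhost:8080@www.google.com" is not in the set, so it fails.
        return parts.scheme in ("http", "https") and parts.netloc in trusted_hosts
    # No scheme: must be a site-relative path. "//www.google.com" parses with an
    # empty scheme but a non-empty netloc, so the netloc check catches it.
    return not parts.netloc and url.startswith("/") and not url.startswith("//")


def safe_redirect_target(url, fallback=DEFAULT_LANDING, trusted_hosts=TRUSTED_HOSTS):
    """Return `url` if it is safe to redirect to, otherwise the fallback page.
    Call this on redirect_url before passing anything to the redirect."""
    return url if is_safe_redirect(url, trusted_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, including the one from the post.
    for candidate in ("http://www.google.com", "/root", "//www.google.com/",
                      "javascript:alert(1)", "http://localhost:8080/root"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

The controller would call safe_redirect_target(redirect_url) and redirect to the returned value rather than to the raw parameter; anything off-site, including the Google URL from the post, collapses to the fallback page. The rule is deliberately conservative (a bare "root" without a leading slash is rejected too), which is the right default for a redirect sink.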