This project has moved and is read-only. For the latest updates, please go here.

Potential malware exploit?

May 26, 2015 at 4:31 AM
I stumbled upon something kind of interesting; when a website sets a page to a 302 Temporary Redirect, and BC is set to Reveal Shortened URLS, it appears that BC fetches the initial URL first (displays it in the titlebar), and then shows the new URL in the titlebar.

I setup a test page on my server + the 302 redirect on that page, (via .htaccess. It just goes from blank-ish test page, then to Yahoo), and then made a shortcut file pointing to, to click on to bring up BC.

when you click it you can see the original in the BC titlebar, then after about half a second it'll change to the redirected URL. I haven't done anything more, such as looking at the BC source code to see if this fetching of the URLs could be dangerous though (i.e. malware on either URL that's activated during the fetching), I figured I'd point it out and since you're more familiar with the code, you'd either know offhand already, or would look further into it.
May 28, 2015 at 2:07 PM
While plausible, I would doubt it.

The code that gets the new URI uses .NET built-in functions. It only fetches the head and doesn't execute any code. It even includes an explicit .toString on the resulting URI. The only way I could see it being an issue would be to buffer overflow the WebRequest or WebResponse classes or maybe the toString.

Having said all that, I'm not sure there is much more that could be done. The code responsible for that is in a region called "ShortURL deshortening" in file StartupLauncher.vb Maybe limit the length of the URI to prevent an possible error - I don't know what the maximum length of an window title can be.
Marked as answer by gmyx on 5/28/2015 at 6:07 AM