Url re-direct Vulnerable in Google
An accessible alter could be a vulnerability that exists if a
Software permits redirection to an alien website by anon calling a URL in an unfiltered,unmanaged fashion, that can be acclimated to
alter victims to unintended,malicious internet sites. an online
appliance accepts a user-controlled ascribe that specifies a hotlink to
an alien website, and uses that hotlink in a actual Redirect.
A agnate vulnerability is appear in Google by "Ucha Gobejishvili ( longrifle0x )". This downside ability abetment an antagonist to conduct phishing attacks, torjan distribution, spammers.
Url: https://accounts.google.com/auth?redirect_uri=
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u
A agnate vulnerability is appear in Google by "Ucha Gobejishvili ( longrifle0x )". This downside ability abetment an antagonist to conduct phishing attacks, torjan distribution, spammers.
Url: https://accounts.google.com/auth?redirect_uri=
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u
Impact of Vulnerability :
The user is aswell redirected to an untrusted page that contains malware which can again accommodation the user's machine. this may betrayal the user to in abyss accident and aswell the user's alternation with the online server can aswell be compromised if the malware conducts keylogging or altered attacks that abduct credentials, alone identifiable abstracts (PII), or altered all-important knowledge. The user is aswell subjected to phishing attacks by getting redirected to an untrusted page. The phishing advance ability purpose to an antagonist controlled online page that seems to be a trusted internet website. The phishers ability again abduct the user's accreditation and again use these accreditation to admission the accepted internet website.Tags: Hacking
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "Url re-direct Vulnerable in Google"