MozTrap Open Redirect

2013.06.18
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

# Title: moztrap.mozilla.org URL Redirection Vulnerability
# Discovery Date: 15/04/13 | Release Date: 13/06/13
# Author: Junaid Hussain [ illSecure Research Group ]
# Contact: illSecResearchGroup@Gmail.com | Website: illSecure.com
# Risk: Low
--------------------------------------------------------------------------------------

> Introduction:

The login page on moztrap.mozilla.org requires a user to log in using Mozilla Persona. Once a user signs in successfully, they are redirected to the page stated in the "?next=" parameter (Example: https://moztrap.mozilla.org/users/login/?next=/results/runs/).

An attacker can change the value of the parameter and redirect MozTrap and Persona users to malicious sites such as phishing sites or sites with malware.

> Example of URL Redirection Vulnerability:

https://moztrap.mozilla.org/users/login/?next=http://illsecure.com

> Proof Of Concept Video:

http://www.youtube.com/watch?v=06N1sWt54qk

- Junaid Hussain - http://illSecure.com - Security Is An Illusion
--------------------------------------------------------------------------------------

Original: http://www.illsecure.com/2013/06/mozilla-moztrap-url-redirection.html
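The fix for this class of bug (CWE-601) is to validate the "?next=" value before redirecting. The sketch below is an added example, not MozTrap's code or its actual patch; the names is_safe_next, resolve_next and DEFAULT_NEXT and the allow-list parameter are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_NEXT = "/"  # assumed fallback landing page after login


def is_safe_next(target, allowed_hosts=frozenset()):
    """Return True only if redirecting to `target` keeps the user on-site.

    `allowed_hosts` holds lowercase hostnames that absolute https URLs may
    point at; with the default empty set only rooted local paths pass.
    """
    if not isinstance(target, str) or not target:
        return False
    # Browsers drop surrounding whitespace and embedded control characters
    # before resolving a URL, so refuse them instead of guessing the result.
    if target != target.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat "\" as "/", which turns "/\host" into "//host".
    normalized = target.replace("\\", "/")
    # "//host" and "///host" are scheme-relative and leave the site.
    if normalized.startswith("//"):
        return False
    try:
        parts = urlsplit(normalized)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme or parts.netloc:
        # Absolute URL: https only, and only to an explicitly listed host.
        return parts.scheme == "https" and host in allowed_hosts
    # Relative reference: accept rooted paths such as "/results/runs/".
    return normalized.startswith("/")


def resolve_next(target, allowed_hosts=frozenset()):
    """Return `target` if it is safe to redirect to, else DEFAULT_NEXT."""
    return target if is_safe_next(target, allowed_hosts) else DEFAULT_NEXT


if __name__ == "__main__":
    # Constructed inputs; the first two are the values shown in the advisory.
    for value in ["/results/runs/", "http://illsecure.com",
                  "//illsecure.com", "/\\illsecure.com"]:
        print(repr(value), "->", resolve_next(value))
```

Applications built on Django can use the framework's own redirect-target check instead of a hand-written one.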

References:

http://www.youtube.com/watch?v=06N1sWt54qk



Copyright 2026, cxsecurity.com
