[+] Exploit Title : Redirect Persian Script - Unvalidated Redirects and Forwards Vulnerability
[+] Date : 2018-01-20
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : ...
[+] Dork : N/A
[+] Version 1.1
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description:
[!] Redirect Persian is a script for redirecting users to any site.
[!] The script is designed by 20script.
[!] This is a good script for site administrators because it has a lot of impact on SEO.
[!] But anyone can change the url parameter and send users to malicious links, because the script does not validate the destination.
[!] For Ex :
[*] http://localhost/index.php?url=http://irethicalhackers.com/forums
[*] An attacker can replace the value of the url parameter with any address.
[+] Exploitation Technique:
[!] remote
[+] Severity Level:
[!] Medium
[+] Vulnerable source :
<script type="text/javascript">
// Countdown state: seconds remaining before the outbound link is revealed.
var count=5;
// Interval handle for the once-per-second tick; timer() cancels it at zero.
var counter=setInterval(timer, 1000);
// Tick handler: decrements the countdown, shows the remaining seconds in the
// element with id "timer", and at zero replaces the content of the element
// with id "text" with a link to the destination.
function timer()
{
count=count-1;
if (count <= 0) {
clearInterval(counter);
// SECURITY: the href below is the raw "url" query parameter, echoed by the
// server-side template with no validation and no output encoding. That is
// the unvalidated redirect this advisory describes. The same value is also
// written inside a single-quoted JavaScript string and then parsed as HTML
// through innerHTML, so it is an injection sink as well as a redirect sink.
// Mitigation: resolve the destination server-side against an allow-list
// (or a lookup table of known link ids), accept only http/https targets,
// encode the value for the JavaScript context (for example with PHP's
// json_encode), and set the link through DOM properties instead of
// string-built markup. rel="nofollow" is a crawler hint, not a control.
document.getElementById('text').innerHTML = '<a title="نمایش صفحه" rel="nofollow" href="<?php $url=$_GET['url']; echo"$url"; ?>">نمایش صفحه</a>';
return;
}
document.getElementById('timer').innerHTML = count;
}
// Number of clicks counted after the countdown has finished.
var click_times = 0;
// Click handler: ignores clicks until count has reached zero, then counts
// them and navigates the page on the fifth counted click.
// NOTE(review): the listing does not show which element invokes clicked();
// confirm against the full page.
function clicked()
{
if(count <= 0) {
click_times++;
if(click_times>=5) {
// SECURITY: second sink for the same unvalidated "url" query parameter.
// The server-side template writes it unencoded into a double-quoted
// JavaScript string and the page navigates to it, so the destination is
// fully controlled by whoever built the link. Apply the same fix as for the
// anchor in timer(): allow-list the destination server-side, restrict the
// scheme to http/https, and encode the value for the JavaScript context.
document.location = "<?php $url=$_GET['url']; echo"$url"; ?>";
}
}
}
</script>
[+] We Are :
[!] 0P3N3R [+] Mehrdad_Ice [+] BaxTurk24