[+] Exploit Title ; Not Evil Search Engine Unvalidated Redirect and Forwards Vulnerability [+] Date : 2018-06-11 [+] Author : 0P3N3R From Iran Security Group [+] Vendor Homepage : https://hss3uro2hsxfogfq.onion.to/ And http://hss3uro2hsxfogfq.onion [+] Dork : N/A [+] Version : N/A [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Description : [!] Not Evil searches hidden services on the Tor network. [!] What is Unvalidated Redirect and Forwards ? Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access. [+] Poc : [!] Video : https://youtu.be/WcpUXIj-8bc [+] hacker can edit the url and replace its malicious link [+] The user trusts the Not Evil and goes to the hacker link [!] Vulnerable Link : [*] hss3uro2hsxfogfq.onion/r2d.php?url=your link here&q=d81Nir%2BCqat0EotbUAVQRF3QiC3xSUVlp2cgMKDq2Xo%3D&idx=4&session=zHgTMv1FGk4D7c5UwEuMeDWZqUafZEu52R2ue64Sn0E%3D [!] For Ex (We Edit This Link): [*] hss3uro2hsxfogfq.onion/r2d.php?url=http://0p3n3r.ir&q=d81Nir%2BCqat0EotbUAVQRF3QiC3xSUVlp2cgMKDq2Xo%3D&idx=4&session=zHgTMv1FGk4D7c5UwEuMeDWZqUafZEu52R2ue64Sn0E%3D [+] Now You redirect to the My Website [+] Exploitation Technique: [!] remote [+] Severity Level: [!] Low [+] Request Method : [!] GET [+] Vulnerable files : [!] 2rd.php [+] Patch : [!] Restrict user input or replace bad characters [+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker [+]