Ahmia Search Engine Unvalidated Redirect and Forwards Vulnerability

2018.06.11
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title ; Ahmia Search Engine Unvalidated Redirect and Forwards Vulnerability [+] Date : 2018-06-11 [+] Author : 0P3N3R From Iran Security Group [+] Vendor Homepage : https://ahmia.fi/ [+] Dork : N/A [+] Version : N/A [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Description : [!] Ahmia searches hidden services on the Tor network. [!] What is Unvalidated Redirect and Forwards ? Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access. [+] Poc : [!] Video : https://youtu.be/WcpUXIj-8bc [+] hacker can edit the url and replace its malicious link [+] The user trusts the Ahmia and goes to the hacker link [!] Vulnerable Link : [*] http://msydqstlz2kzerdg.onion/search/search/redirect?search_term=test%27&redirect_url=Your Link Here [!] For Ex (We Edit This Link): [*] http://msydqstlz2kzerdg.onion/search/search/redirect?search_term=test%27&redirect_url=http://0p3n3r.ir [+] Now You redirect to the My Website [+] Exploitation Technique: [!] remote [+] Severity Level: [!] Low [+] Request Method : [!] GET [+] Vulnerable files : [!] index [+] Patch : [!] Restrict user input or replace bad characters [+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker [+]

References:

https://youtu.be/WcpUXIj-8bc


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top