Unvalidated Redirect #268

Open
bright-security bot opened this issue Jul 9, 2023 · 0 comments
Comments

@bright-security
Unvalidated Redirect

Severity: Medium. Discovered: 9 July 2023, 01:22 PM

CWE ID

CWE-601

CVSS

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

An HTTP parameter may contain a URL value and cause the web application to redirect the request to that URL. By changing the URL value to point at a malicious site, an attacker can launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site's, the phishing attempt has a more trustworthy appearance.

Possible exposure

Bypass Protection Mechanism; Gain Privileges or Assume Identity; Other

Remediation suggestions

Assume all input is malicious. Use an 'accept known good' input validation strategy, i.e., a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, 'boat' may be syntactically valid because it contains only alphanumeric characters, but it is not valid if the input is expected to contain only colors such as 'red' or 'blue'. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a blacklist). A blacklist is likely to miss at least one undesirable input, especially if the code's environment changes, which can give attackers enough room to bypass the intended validation. Blacklists can still be useful for detecting potential attacks or for deciding which inputs are so malformed that they should be rejected outright. For redirects specifically, use a whitelist of approved URLs or domains as the only permitted redirect targets.

Request

GET https://brokencrystals.com/brokencrystals.com?dummy= HTTP/1.1
Referer: https://brokencrystals.com/api/users/basic
Cookie: bc-calls-counter=1688908806830; connect.sid=WfwAA6BEfVQhlcScDjtImkW2VIVohnXM.L6690aiYC7oqnDrNWTd5obbxF004JYW8%2FemDQ9JZl4I
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
Accept-Encoding: identity
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJleHAiOjE2ODczMzg5MDB9.Tct-MaLY5LU49s0IR6i-ydQtnG32Hw3OqxD06fu5fZWagWbo2ICsDOPQTKvSPrvZB1c0LzdsEKD_OVzic6KoJ88PvXIuUgh5nHq11q6baEocW8R9yxQjpCDH6rWu90GWeV-X9OgZewVTTWvSIrPL23UE7axbwoh0yQZJOVP4pRLZC85VRVgzUABTY-mk2sxJtu824r3wZBc7mK5rCooW1E88EcZ15UVWBwXjGDZy28ziFTfx1MtMmN13bm9_sQlhnXLd6B1KP_Fb-RlnfByoCXRd7kowwRIZbUqHXwaOHDTnP6uogeeTlT0KNrmaJZoWWmYpmlCbw1KdLiqjWnU2UrqMa9A1fCbuZQf5192NnPE-Htz3y3k_BEScMCg2rKr8jDGIREZxvajRgIcNWUDsgKSrSNGyR6o-iAMOXkvY58LU7W6ERuWYaw7ulUqdY2MNAYOHmQdQF3SML-Ng2bkIHvuiWa_gLVRW75fJypzLz3Cpi6gz8M-OF2hR1t7d8u0xBjjCGfJUTte6oa7Qip5S_K8taxMTyBzYaSgZt6NWgXKiX8j9XDEy8Sr-GITRPAElzOMj-ezTBdvxWc8-C4xt00JVspiewPCFvlu6gbh8GyoGftgXHcdaXDvQoqk2rc44cnJ1NPayuT-Y7qb5DaMn-YWVrtNtELRdJyzVD-lmtsw
Content-Length: 0

Response

HTTP/1.1 200
accept-ranges: bytes
content-length: 7465
content-type: text/html
date: Sun, 09 Jul 2023 13:22:42 GMT
etag: "646aed20-1d29"
last-modified: Mon, 22 May 2023 04:18:40 GMT
strict-transport-security: max-age=15724800; includeSubDomains

<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="description" content="Broken Crystals"><meta name="author" content="farrza@neuralegion"><link rel="manifest" href="/api/config" charset="UTF-8"/><link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-icon-57x57.png"><link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-icon-60x60.png"><link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-icon-72x72.png"><link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-icon-76x76.png"><link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-icon-114x114.png"><link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-icon-120x120.png"><link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-icon-144x144.png"><link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-icon-152x152.png"><link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-icon-180x180.png"><link rel="icon" type="image/png" sizes="192x192" href="/favicons/android-icon-192x192.png"><link rel="icon" type="image/png" sizes="32x32" href="/favicons/favicon-32x32.png"><link rel="icon" type="image/png" sizes="96x96" href="/favicons/favicon-96x96.png"><link rel="icon" type="image/png" sizes="16x16" href="/favicons/favicon-16x16.png"><meta name="msapplication-TileColor" content="#ffffff"><meta name="msapplication-TileImage" content="/favicons/ms-icon-144x144.png"><meta name="theme-color" content="#ffffff"/><meta name="insight-app-sec-validation" content="38936a45-0c2c-4f3c-89c0-a26817f2a5a8"><script id="config" type="application/json" src="/api/config"></script><link rel="manifest" href="/manifest.json"/><title>Broken Crystals</title><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,500,500i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i" 
rel="stylesheet"><link href="assets/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet"><link href="assets/vendor/icofont/icofont.min.css" rel="stylesheet"><link href="assets/vendor/boxicons/css/boxicons.min.css" rel="stylesheet"><link href="assets/vendor/owl.carousel/assets/owl.carousel.min.css" rel="stylesheet"><link href="assets/vendor/venobox/venobox.css" rel="stylesheet"><link href="assets/vendor/aos/aos.css" rel="stylesheet"><link href="assets/css/style.css" rel="stylesheet"><link href="vendor/font-awesome-4.7/css/font-awesome.min.css" rel="stylesheet" media="all"><link href="vendor/font-awesome-5/css/fontawesome-all.min.css" rel="stylesheet" media="all"><link href="vendor/mdi-font/css/material-design-iconic-font.min.css" rel="stylesheet" media="all"><link href="vendor/animsition/animsition.min.css" rel="stylesheet" media="all"><link href="vendor/bootstrap-progressbar/bootstrap-progressbar-3.3.4.min.css" rel="stylesheet" media="all"><link href="vendor/wow/animate.css" rel="stylesheet" media="all"><link href="vendor/css-hamburgers/hamburgers.min.css" rel="stylesheet" media="all"><link href="vendor/slick/slick.css" rel="stylesheet" media="all"><link href="vendor/select2/select2.min.css" rel="stylesheet" media="all"><link href="vendor/perfect-scrollbar/perfect-scrollbar.css" rel="stylesheet" media="all"><link href="css/theme.css" rel="stylesheet" media="all"><link href="/static/css/2.50d7ef31.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="assets/vendor/jquery/jquery.min.js"></script><script src="assets/vendor/bootstrap/js/bootstrap.bundle.min.js"></script><script src="assets/vendor/jquery.easing/jquery.easing.min.js"></script><script src="assets/vendor/waypoints/jquery.waypoints.min.js"></script><script src="assets/vendor/counterup/counterup.min.js"></script><script src="assets/vendor/owl.carousel/owl.carousel.min.js"></script><script 
src="assets/vendor/isotope-layout/isotope.pkgd.min.js"></script><script src="assets/vendor/venobox/venobox.min.js"></script><script src="assets/vendor/aos/aos.js"></script><script src="assets/js/main.js"></script><script src="vendor/jquery-3.2.1.min.js"></script><script src="vendor/bootstrap-4.1/popper.min.js"></script><script src="vendor/bootstrap-4.1/bootstrap.min.js"></script><script src="vendor/slick/slick.min.js"></script><script src="vendor/wow/wow.min.js"></script><script src="vendor/animsition/animsition.min.js"></script><script src="vendor/bootstrap-progressbar/bootstrap-progressbar.min.js"></script><script src="vendor/counter-up/jquery.waypoints.min.js"></script><script src="vendor/counter-up/jquery.counterup.min.js"></script><script src="vendor/circle-progress/circle-progress.min.js"></script><script src="vendor/perfect-scrollbar/perfect-scrollbar.js"></script><script src="vendor/chartjs/Chart.bundle.min.js"></script><script src="vendor/select2/select2.min.js"></script><script src="js/main.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],f=0,p=[];f<i.length;f++)a=i[f],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(s&&s(r);p.length;)p.shift()();return u.push.apply(u,l||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var c=t[i];0!==o[c]&&(n=!1)}n&&(u.splice(r--,1),e=a(a.s=t[0]))}return e}var n={},o={1:0},u=[];function a(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,a),t.l=!0,t.exports}a.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise((function(r,n){t=o[e]=[r,n]}));r.push(t[2]=n);var u,i=document.createElement("script");i.charset="utf-8",i.timeout=120,a.nc&&i.setAttribute("nonce",a.nc),i.src=function(e){return a.p+"static/js/"+({}[e]||e)+"."+{3:"973f3222"}[e]+".chunk.js"}(e);var c=new 
Error;u=function(r){i.onerror=i.onload=null,clearTimeout(l);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),u=r&&r.target&&r.target.src;c.message="Loading chunk "+e+" failed.\n("+n+": "+u+")",c.name="ChunkLoadError",c.type=n,c.request=u,t[1](c)}o[e]=void 0}};var l=setTimeout((function(){u({type:"timeout",target:i})}),12e4);i.onerror=i.onload=u,document.head.appendChild(i)}return Promise.all(r)},a.m=e,a.c=n,a.d=function(e,r,t){a.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,r){if(1&r&&(e=a(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(a.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)a.d(t,n,function(r){return e[r]}.bind(null,n));return t},a.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(r,"a",r),r},a.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},a.p="/",a.oe=function(e){throw console.error(e),e};var i=this["webpackJsonpreact-broken-crystals"]=this["webpackJsonpreact-broken-crystals"]||[],c=i.push.bind(i);i.push=r,i=i.slice();for(var l=0;l<i.length;l++)r(i[l]);var s=c;t()}([])</script><script src="/static/js/2.15e484a3.chunk.js"></script><script src="/static/js/main.9e44b974.chunk.js"></script></body></html>

Screenshots

Screenshot (0)

External links
