Onion Search Engine Unvalidated Redirect and Forwards Vulnerability

CVE: CVE-2020-12345
Category: CWE-601
Price: $500
Severity: High
Author: Security Researcher
Risk: High
Exploitation Type: Remote
Date: 2019-04-18
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040175

Below is a copy:

[+] Exploit Title : Onion Search Engine Unvalidated Redirect and Forwards Vulnerability

[+] Date : 2019-04-18

[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : http://5u56fjmxu63xcmbk.onion

[+] Dork : N/A

[+] Version : N/A

[+] Tested On : Windows 10 - Kali Linux 2.0

[+] Contact : https://telegram.me/WebServer

[+] Description :

[!] Onion Search Engine searches hidden services on the Tor network.

[!] What are Unvalidated Redirects and Forwards?

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access.



[+] PoC :

[+] An attacker can edit the URL and replace the target with a malicious link

[+] The user trusts Haystak and follows the attacker's link

[!] Vulnerable Link :

[*] http://5u56fjmxu63xcmbk.onion/url.php?u=Your Link Here

[!] For example (we edit this link):

[*] http://haystakvxad7wbk5.onion/redir.php?url=http://google.com

[+] You are now redirected to the Google website

[+] Exploitation Technique:

[!] Remote


[+] Severity Level:

[!] Low

[+] Request Method :

[!] GET

[+] Vulnerable files :

[!] url.php

[+] Patch :

[!] Restrict user input or replace bad characters
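
A search engine has to link out to arbitrary result sites, so a fixed allowlist does not fit a click-through script like url.php. The added example below (not the vendor's or the advisory author's code) goes beyond the patch advice above: the server signs each target when it renders results and refuses any redirect whose signature does not match. The `u` parameter and `url.php` come from the advisory; the `s` parameter, the key and the function names are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret; load it from configuration in a real deployment.
const REDIRECT_KEY = 'constructed-demo-key';

// Used when rendering a results page: builds the click-through link for $target.
function make_redirect_link(string $target): string
{
    $sig = hash_hmac('sha256', $target, REDIRECT_KEY);
    return '/url.php?u=' . rawurlencode($target) . '&s=' . $sig;
}

// Used by url.php: returns the target only if it is well-formed and signed by us.
function validated_target(array $query): ?string
{
    $target = $query['u'] ?? null;
    $sig    = $query['s'] ?? null;
    if (!is_string($target) || !is_string($sig)) {
        return null; // missing or array-valued parameters
    }
    // Control characters and whitespace would allow header injection or parser confusion.
    if (preg_match('/[\x00-\x20\x7f]/', $target) === 1) {
        return null;
    }
    // Only absolute http(s) URLs with a host; blocks javascript:, data:, //host, etc.
    $scheme = strtolower((string) parse_url($target, PHP_URL_SCHEME));
    $host   = (string) parse_url($target, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        return null;
    }
    // Constant-time comparison against the signature we would have issued.
    $expected = hash_hmac('sha256', $target, REDIRECT_KEY);
    return hash_equals($expected, $sig) ? $target : null;
}

// Constructed sample requests: one issued by the server, one edited, one unsigned.
$signed = [];
parse_str((string) parse_url(make_redirect_link('http://example.org/page?id=1'), PHP_URL_QUERY), $signed);
$tampered = ['u' => 'http://attacker.example/login', 's' => $signed['s']];
$unsigned = ['u' => 'http://attacker.example/login'];

foreach (['signed' => $signed, 'tampered' => $tampered, 'unsigned' => $unsigned] as $label => $q) {
    $t = validated_target($q);
    // In url.php this would be header('Location: ' . $t, true, 302) or a 400 response.
    echo $label, ': ', $t === null ? 'rejected (400)' : '302 -> ' . $t, PHP_EOL;
}
```

Only the link the server issued itself passes; the edited and unsigned requests are rejected before any Location header is sent.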

[+] We Are :

[+] 0P3N3R [+] 
