| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2021-38722 | CWE-601 | $5,000 | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Exploit Alert Team | High | Remote | 2022-06-07 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 0.02192 | 0.50148 |
# Exploit Title: Web Wallet Elrond - Open Redirect Vulnerability
# Date: 2022-04-11
# Google Dork: -
# Exploit Author: Mohsen Dehghani (aka 0xProfessional)
# Contact to me : [email protected]
# Vendor Homepage: https://wallet.elrond.com
# Software Link: https://wallet.elrond.com
# Version: -
# Tested on: Linux
# CVE : -
###########################################################################

#Vulnerability Description:
An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain, or injects malicious code and software to the user.

#Reproduce steps:
1) Edit: https://wallet.elrond.com/hook/login?callbackUrl=
2) Put an untrusted domain or malicious URL after the callbackUrl= parameter
3) Visit the URL
4) Log in
5) Boom! You are redirected to the untrusted domain or malicious URL.

#PoC:
https://wallet.elrond.com/hook/login?callbackUrl=https://attacker.com
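
A server-side check that rejects the PoC value above, written as an added example (not code from the advisory or from Elrond). It assumes the login hook only needs to return users to a fixed set of origins; ALLOWED_ORIGINS, dapp.example and the function names are hypothetical.

```javascript
// Added example: allowlist validation of a post-login callbackUrl.
// ALLOWED_ORIGINS and all function names are hypothetical.
const SELF_ORIGIN = "https://wallet.elrond.com";
const ALLOWED_ORIGINS = new Set([
  SELF_ORIGIN,
  "https://dapp.example", // constructed partner origin
]);

// Returns the normalized URL if it is safe to redirect to, otherwise null.
function resolveCallbackUrl(raw, allowed = ALLOWED_ORIGINS) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Control characters and backslashes are normalized differently by
  // browsers and servers, so reject them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return null;
  let url;
  try {
    // Relative values resolve against our own origin. "//host/path" resolves
    // to a different host and is caught by the origin check below.
    url = new URL(raw, SELF_ORIGIN);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;     // javascript:, data:, http:
  if (url.username || url.password) return null;  // https://trusted@other-host/
  // Compare the parsed origin exactly; prefix or substring matching would
  // accept hosts such as wallet.elrond.com.attacker.com.
  if (!allowed.has(url.origin)) return null;
  return url.href;
}

// Redirect target for the login handler: validated value or a fixed fallback.
function redirectTarget(raw, fallback = SELF_ORIGIN + "/") {
  return resolveCallbackUrl(raw) ?? fallback;
}
```

The check runs on the parsed origin, so it must be applied on the server at the point where the redirect is issued, not only in client-side code.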