------------------- Original Message -------------------
Vulnerablility Type: Open Redirect ( https://www.owasp.org/index.php/Open_redirect )
Vulnerable URL:
https://communities.intel.com/terms-and-conditions!input.jspa?url=http://evilsite.com
https://<private>.intel.com/external-link.jspa?url=http://evilsite.com
Summary: An open redirect is an application that
takes a parameter and redirects a user to the parameter value without
any validation. This vulnerability is used in phishing attacks to get
users to visit malicious sites without realizing it.
In the URL described above the parameter url= is
vulnerable to open redirect. An attacker is able to provide a custom URL
where the victim will be redirected. An attacker can impersonate his
malicious URL as Intel's
Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.
0 comments:
Post a Comment