ID H1:503922
Type hackerone
Reporter zophi
Modified 2019-03-03T16:24:37
Description
Hi Team!
Testing request:
POST /public.php?return=%2F HTTP/1.1
Host: tt.hboeck.de
...........
op=login&login={….}&password={...}&profile=0
Vulnerable parameter: return
Method: POST
-> GET
-> OK
POC:
https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0
Impact
Users can be redirected from the login endpoint to an attacker-controlled site via the `return` parameter (open redirect).
{"id": "H1:503922", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Hanno's projects: Open redirect on the https://tt.hboeck.de", "description": "Hi Team!\n\nTesting request:\n`POST /public.php?return=%2F HTTP/1.1\nHost: tt.hboeck.de\n...........\nop=login&login={\u2026.}&password={...}&profile=0`\n\nVulnerable parameter: `return`\n\nMethod: `POST` -> `GET` -> OK\n\nPOC:\n`https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0`\n\n## Impact\n\nUser can be redirect to malicious site.", "published": "2019-03-01T17:47:36", "modified": "2019-03-03T16:24:37", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/503922", "reporter": "zophi", "references": [], "cvelist": [], "lastseen": "2019-03-24T08:15:40", "viewCount": 13, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2019-03-24T08:15:40", "rev": 2}, "dependencies": {"references": [], "modified": "2019-03-24T08:15:40", "rev": 2}, "vulnersScore": -0.1}, "bounty": 0.0, "bountyState": "resolved", "h1team": {"url": "https://hackerone.com/hannob", "handle": "hannob", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/030/278/253800fbe8bfabdc72f03b7f0f1ddb38adb47f82_small.?1529948333", "medium": "https://profile-photos.hackerone-user-content.com/000/030/278/dfe1a45d96316ca04d5f928eaff3e62f576945a8_medium.?1529948333"}}, "h1reporter": {"disabled": false, "username": "zophi", "url": "/zophi", "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "is_me?": false, "hackerone_triager": false, "hacker_mediation": false}}
{}