New Relic: [Bypass] Code injection to open redirect in https://insights.newrelic.com/accounts/2521182/dashboards/1026927

2019-11-01T11:26:40
ID H1:727368
Type hackerone
Reporter dangkhai
Modified 2019-11-02T01:36:07

Description

INTRODUCTION:

Bypassing the mechanism that controls URL insertion, redirecting users to fake pages.

STEPS:

Payload: <https://evil.com>

Add a dashboard note and insert the malicious code.

Code: Click link to view note detail : <https://evil.com>

Impact

Redirecting users to malicious pages and stealing user information, such as with fake scripts and the user password to view the note.
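
A server-side check for the class of bypass reported above, as an added example that is not part of the original report and not New Relic's code: it collects link targets from every link syntax a note renderer might honour, rather than one, and flags any target outside an allowlist. The function names, the allowlist and the assumption that notes are rendered as Markdown or HTML are hypothetical; the page does not describe the actual filter.

```javascript
// Added example. Allowlist is constructed; only the host from the report URL is trusted.
const ALLOWED_HOSTS = new Set(["insights.newrelic.com"]);
const BASE = "https://insights.newrelic.com/"; // used to resolve relative and //host targets

// The note text from the report, reused here as sample input.
const SAMPLE_NOTE = "Click link to view note detail : <https://evil.com>";

// Every syntax that can become a clickable link once the note is rendered.
const LINK_PATTERNS = [
  /\[[^\]]*\]\(\s*<?([^)\s>]+)/g,                 // [text](url)
  /<((?:[a-z][a-z0-9+.-]*:|\/\/)[^>\s]+)>/gi,     // <url> autolink
  /href\s*=\s*["']?([^"'\s>]+)/gi,                // raw HTML anchor
  /(?:^|[\s(])((?:https?:)?\/\/[^\s<>()]+)/gi,    // bare or protocol-relative URL
];

// Return the distinct link targets found in a note, whatever syntax carried them.
function extractLinkTargets(note) {
  const targets = new Set();
  for (const pattern of LINK_PATTERNS) {
    for (const match of note.matchAll(pattern)) targets.add(match[1]);
  }
  return [...targets];
}

// Return the targets that must be rejected: non-HTTP(S) schemes,
// unparseable values, and any host that is not on the allowlist.
function untrustedLinks(note, allowedHosts = ALLOWED_HOSTS) {
  return extractLinkTargets(note).filter((target) => {
    let url;
    try {
      url = new URL(target, BASE);
    } catch {
      return true; // cannot be parsed: reject rather than guess
    }
    const httpLike = url.protocol === "https:" || url.protocol === "http:";
    return !httpLike || !allowedHosts.has(url.hostname);
  });
}

console.log(untrustedLinks(SAMPLE_NOTE));
```

Checking the parsed hostname of every extracted target, instead of pattern-matching one link syntax, is what keeps an alternate notation from slipping past the control.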