click.tanx.com Open Redirect vulnerability

2016-02-14T16:17:00
ID OBB:134528
Type openbugbounty
Reporter ozergoker
Modified 2018-03-15T01:56:00

Description

Open Bug Bounty ID: OBB-134528

Description| Value
---|---
Affected Website:| click.tanx.com
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Remediation Guide:| OWASP Open Redirect Cheat Sheet

Vulnerable URL:
http://click.tanx.com/ct?tanx_k=185&tanx_e=lt8GOQumzHGfNug3c3mE9vIgTNdtQnQKzKmiE1YAG94R1vNWlJFlV67hqlMqtPlgW7S99O6XWDKHwUSKL%2fbzB6X3H9h77tFF7VzoE6ncTzlrwtQN0h%2fxbtwUgF1rmH0%2fCaS%2b1jlmei9x1ukBODJj64%2fHaNj67BawTV4pHkMSOFjNUwCSwx0rCw%3d%3d&tanx_u=http%3A%2F%2Ftanxlog.istreamsche.com%2Ftclick%3Fgc%3D0ab7409b000056c0a8143ff809422409%252C1054%252C17140%252C1%252Cmm_112110556_11442458_40310593%252C%252C43345%252C%26info%3DdGltZToxNDU1NDY2NTE2CWFyZWE6CXRhZ19jcjoJdGFnX2t3Oglob3Rfa2V5OglzaXplOjMwMHgyNTAJYWR2ZXJJRDoxMDU0CWV4ZWN1dGVJRDoxNzE0MAljcmVhdGl2ZUlEOjQzMzQ1CWNncm91cElEOjMxNDMJbWF0ZXJpYWxJRDozMTQzTTQzMzQ1TTEJdElEOk9PdWVPMU9ldktzPQlyZXF1ZXN0SUQ6MGFiNzQwOWIwMDAwNTZjMGE4MTQzZmY4MDk0MjI0MDkJdW5pb25JRDoxCWJpZGRpbmdfcHJpY2U6MzAJcmVzX2VxdWlwX2lkOglwSUQ6bW1fMTEyMTEwNTU2XzExNDQyNDU4XzQwMzEwNTkzCXRhcmdldF9wcmljZTozMAliaWxsaW5nX21vZGU6MQlvczoJaWRmYTo%26tp%3D1%26url%3Dhttps://www.xssposed.org

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 14 February, 2016 16:17 GMT
Vulnerability Verified:| 14 February, 2016 16:20 GMT
Website Operator Notified:| 14 February, 2016 16:20 GMT
Vulnerability Published:| 14 February, 2016 16:20 GMT [without any technical details]
Vulnerability Fixed:| 15 March, 2018 01:56 GMT
Public Disclosure:| 15 March, 2018 01:56 GMT