Vulners
Lucene search
MozTrap Open Redirect
🗓️ 15 Jun 2013 00:00:00Reported by Junaid HussainType 
packetstorm🔗 packetstormsecurity.com👁 16 Views
`# Title: moztrap.mozilla.org URL Redirection Vulnerability
# Discovery Date: 15/04/13 | Release Date: 13/06/13
# Author: Junaid Hussain [ illSecure Research Group ]
# Contact: [email protected] | Website: illSecure.com
# Risk: Low
--------------------------------------------------------------------------------------
> Introduction:
The login page on moztrap.mozilla.org requires a user to login
using Mozilla Persona, once a user signs in successfully
they are redirected to the page stated in the "?next=" parameter,
(Example: https://moztrap.mozilla.org/users/login/?next=/results/runs/)
An attacker can change the value of the parameter and redirect
moztrap and persona users to malicious sites such as phishing sites
or sites with malware.
> Example of URL Redirection Vulnerability:
https://moztrap.mozilla.org/users/login/?next=http://illsecure.com
> Proof Of Concept Video:
http://www.youtube.com/watch?v=06N1sWt54qk
- Junaid Hussain - http://illSecure.com - Security Is An Illusion
--------------------------------------------------------------------------------------
Original: http://www.illsecure.com/2013/06/mozilla-moztrap-url-redirection.html
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jun 2013 00:00Current
7.4High risk
Vulners AI Score7.4