Redirection vulnerability in MBoard

2011-08-01T00:00:00
ID SECURITYVULNS:DOC:26723
Type securityvulns
Reporter Securityvulns
Modified 2011-08-01T00:00:00

Description

Vulnerability ID: HTB23029 Reference: http://www.htbridge.ch/advisory/redirection_vulnerability_in_mboard.html Product: MBoard Vendor: PHPJunkyar ( http://www.phpjunkyard.com ) Vulnerable Version: 1.3 and probably prior Tested on: 1.3 Vendor Notification: 06 July 2011 Vulnerability Type: Redirection vulnerability Status: Not Fixed Risk level: Low Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )

Vulnerability Details: High-Tech Bridge SA Security Research Lab has discovered vulnerability in MBoard, which can be exploited to conduct spoofing attacks.

Input passed via the GET "url" parameter to go.php is not properly sanitised before being used to redirect users. This can be exploited to redirect a user to an arbitrary website.

The following PoC code is available:

http://[host]/go.php?url=http://example.com