Writeups

Showmax - Unvalidated Redirect and XSS

The researcher discovered an unvalidated redirect on Showmax in a payment method flow. The researcher received an email advertising a Showmax 14 day free trial. Clicking the link directed the researcher to a payment page. In one of the HTTP request bodies the following URL was found. The URL parameter redirection_url was found to be vulnerable not only to unvalidated redirects, but also to XSS.

https://secure.showmax.com/v97.3/website/payment/subscriptions/zooz_card/three_d_secure?redirection_url=https://payu.co.za.....

Changing redirection_url to a Google URL redirects the user to Google. Changing the parameter to contain the XSS payload javascript:%250Aalert(1) triggers reflected XSS (the double-encoded %250A decodes to a newline, which the browser tolerates inside the javascript: scheme).

Open redirect:
https://secure.showmax.com/v97.3/website/payment/subscriptions/zooz_card/three_d_secure?redirection_url=https://google.com

Reflected XSS:
https://secure.showmax.com/v97.3/website/payment/subscriptions/zooz_card/three_d_secure?redirection_url=javascript:%250Aalert(1)

The researcher also provided a detailed blog post here:

Upserve URL Pathway

The researcher discovered an unvalidated redirect at https://inventory.upserve.com/ in the application's root URL path. Appending any URL to the root path will redirect the user there. Thus the following URL redirects to Google:

https://inventory.upserve.com/http://google.com/

Hanno

The researcher discovered an open redirect on the endpoint https://blog.fuzzing-project.org/exit.php?url=<url>. The HTTP URL parameter url is vulnerable: supplying any attacker-controlled site in the parameter will redirect the user there.

Entering the following URL into a web browser would redirect the user to google.com:

https://blog.fuzzing-project.org/exit.php?url=google.com
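As an added defender-side example, not taken from any of the writeups above, the following Python validator shows how a redirect parameter such as Showmax's redirection_url, Upserve's path suffix or the exit.php url parameter should be checked before use. It decodes repeatedly so a double-encoded javascript:%250A payload is seen the way the browser sees it, accepts only http/https targets on a host allowlist or a same-site relative path, and otherwise falls back to a fixed location. The allowlist is constructed for this example, using payu.co.za from the original Showmax request as the legitimate target.

```python
from urllib.parse import urlparse, unquote

# Constructed allowlist: payu.co.za is the legitimate target seen in the original Showmax request.
ALLOWED_HOSTS = {"secure.showmax.com", "payu.co.za"}


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %250A (-> %0A -> newline) is not hidden by double encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_redirect(raw: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    value = fully_decode(raw)
    # Browsers strip control characters and whitespace inside schemes, which is
    # exactly what javascript:%0Aalert(1) relies on, so reject them outright.
    if any(ord(c) < 0x21 for c in value):
        return False
    # A single leading slash is a same-site path; "//host" and "/\host" are scheme-relative.
    if value.startswith("/") and not value.startswith(("//", "/\\")):
        return True
    parsed = urlparse(value)
    if parsed.scheme.lower() not in ("http", "https"):
        return False  # rejects javascript:, data:, and bare "google.com" (no scheme)
    host = parsed.hostname  # hostname ignores userinfo, so "allowed@evil" resolves to evil
    return host is not None and host.lower() in allowed_hosts


def resolve_redirect(raw: str, fallback: str = "/account") -> str:
    """Return the validated target, or the fixed fallback when the parameter is unsafe."""
    return fully_decode(raw) if is_safe_redirect(raw) else fallback
```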

Others
