Horde Webmail 5.1 – Open Redirect

• Exploit Database
• 119 阅读

• 作者： felipe andrian
  日期： 2014-04-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32638/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  [+] Horde webmail - Open Redirect Vulnerability [+] Date: 31/03/2014 [+] Risk: Low [+] Remote: Yes [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.horde.org/apps/webmail [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Windows 7 and Linux [+] Vulnerable File: go.php [+] Dork: inurl:horde/util/go.php? [+] Version: 5.1 probably other versions too [+] Exploit : http://host/horde/util/go.php?url=[ Open Redirect Vul ]   Note : An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Reference :https://www.owasp.org/index.php/Open_redirect