Showing results for tags 'Vulnerability'.
Found 1 result

  1. Steps to reproduce the vulnerability:

     Different kinds of ads are shown on one of the sites, and clicking on them redirects one to the respective website. But this redirection isn't properly sanitized, and these links are being used to redirect to any site, including phishing and spam sites, which has caused harm such as redirecting to a phishing login page. Here I used ad.example.com.

     Steps:

     01. Clicking on any ad opens a new link. For me it is http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.yahoo.com Here we see that ck.php has multiple parameters.
     02. The last parameter for ck.php is "oadest=" (excluding the ").
     03. There, in the oadest parameter, a URL is given. We can put any URL there and it will redirect to that: http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.google.com It redirects to Google.
     04. Now I tried to see what happens if I remove the oadest parameter. If I remove it, the link is redirected to the correct site: http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6
     05. And then I tried what happens if I remove all the parameters except oadest: http://ad.example.com/r/www/delivery/ck.php?oadest=http://www.google.com and it is redirecting to Google once again.
     06. I think it can be more serious if we try with ../ since it redirects to the admin panel: http://ad.example.com/www/delivery/ck.php?oadest=../?

     Now this vulnerability has been used to do phishing and spam attacks, saying that it is a link from the corresponding website and it is trusted, and then it asks for login on a phishing site. Please provide us a fix for it ASAP.
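The open redirect reported above, seen from the defender's side: an added Python example (not Revive Adserver's own code, which is PHP) that accepts an `oadest` value only when it is an absolute http(s) URL whose host is on an allowlist, falls back to the banner's stored destination otherwise, and flags off-allowlist clicks in access-log lines. `ALLOWED_HOSTS`, the log lines and all function names are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Hosts this ad server may send clicks to. Constructed sample; in a real
# deployment the allowlist would come from each banner's configured target.
ALLOWED_HOSTS = {"www.yahoo.com"}

def is_safe_redirect(oadest, allowed_hosts=ALLOWED_HOSTS):
    """True only for an absolute http(s) URL whose host is allowlisted.
    Relative paths ('../'), scheme-relative '//host', non-http schemes and
    userinfo tricks ('http://trusted@evil/') are all rejected."""
    if not oadest or len(oadest) > 2048:
        return False
    # Some browsers treat backslashes as slashes; normalise before parsing.
    parts = urlsplit(oadest.replace("\\", "/"))
    if parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return (parts.hostname or "").lower() in allowed_hosts

def choose_destination(oadest, banner_url):
    """Server-side decision for a click handler: honour oadest only when it
    passes the check, otherwise use the banner's stored destination."""
    return oadest if is_safe_redirect(oadest) else banner_url

# Detection: constructed access-log lines (not real traffic) for ck.php
# clicks; oadest may be a bare parameter or packed into oaparams with '__'.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /www/delivery/ck.php?'
    'oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.yahoo.com HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /www/delivery/ck.php?'
    'oadest=http%3A%2F%2Fwww.google.com HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /www/delivery/ck.php?'
    'oadest=../ HTTP/1.1" 302 0',
]
_REQ = re.compile(r'"GET (\S*ck\.php\?\S*) HTTP/')
_DEST = re.compile(r'(?:^|[&_])oadest=([^&\s]*)')

def flag_suspicious_clicks(lines):
    """Return [(client_ip, oadest)] for requests whose oadest fails the check."""
    flagged = []
    for line in lines:
        m = _REQ.search(line)
        if not m:
            continue
        d = _DEST.search(unquote(urlsplit(m.group(1)).query))
        if d and not is_safe_redirect(d.group(1)):
            flagged.append((line.split()[0], d.group(1)))
    return flagged
```

Running `flag_suspicious_clicks(SAMPLE_LOG)` reports the second and third requests; the first passes because its destination host is allowlisted.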