what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PHP Universal Web Messenger Cross-Domain Redirect

PHP Universal Web Messenger Cross-Domain Redirect
Posted Dec 16, 2010
Authored by ProCheckUp, Jan Fry | Site procheckup.com

PHP Universal Web Messenger suffers from a cross-domain redirect vulnerability.

tags | exploit, web, php
SHA-256 | 3d11a6d4f9d5cdf42c90ac17922caf1bba35357aa4b5bbdfd7e1d98500977074

PHP Universal Web Messenger Cross-Domain Redirect

Change Mirror Download
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-06


PR10-06 Cross-domain redirect on PGP Universal Web Messenger
Advisory publicly released: Thursday, 16 December 2010
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fixed: Tuesday, 14 December 2010
Severity level: Medium/High
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com).
Description
A remote URI redirection vulnerability affects the PGP Universal Web
Messenger. This issue is due to a failure of the application to properly
sanitize URI-supplied data assigned to the 'retryURL' parameter.

An attacker may leverage this issue to carry out convincing phishing
attacks against unsuspecting users by causing an arbitrary page to be
loaded once a PGP Universal Web Messenger specially-crafted URL is visited.

Vulnerable server-side script: '/b/lnj.e?'

Unfiltered parameter: 'retryURL'
Proof of concept
Example of specially-crafted URL:

https://target-domain.foo/b/lnj.e?retryURL=//www.procheckup.com

Consequences:

Victim users can be redirected to third-party sites for the purpose of
exploiting browser vulnerabilities or performing phishing attacks.
How to fix
The vendor has stated that this issue was addressed in the PGP Universal
Web Messenger.
References


Legal
Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community
for the purpose of alerting them to problems, if and only if, the
Bulletin is not edited
or changed in any way, is attributed to Procheckup, and provided such
reproduction and/or
distribution is performed for non-commercial purposes.


Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close