#6 Astro: Another Open Redirection Bug


In a previous post I already disclosed an open URL redirection bug on Astro’s official website. So today I decided to take another look at a different Astro subdomain, and guess what? Another open redirection bug, this time at login.astro.com.my.

The only thing that frustrated me is that they didn’t notify me or even say thank you for reporting that bug.

At least, say THANK YOU. Lmaoo.
Enough talk. Let’s reproduce this bug.

Vulnerable parameter:

‘returnurl’: there is no filter on this parameter in the source code, so it allows redirection to any external host.

https://login.astro.com.my/ssowebnx/login.aspx?local=1&pid=acm&returnurl=https://bit.ly/2ghtDtV

(This will redirect to my Facebook page.)

NOTE: I use a URL shortener because if I don’t, a randomly generated hash is appended to the end of the URL; Astro creates it because they assume I will be redirected back into their own site.

Example random hash:

https://somesite.com/?sid=DHDF69J1B76FFFGCK4F982711
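The post describes the missing check: nothing validates `returnurl` before the redirect, and the site-generated token is appended to whatever destination was supplied. The following is an added example written for this post, not code from the post or from Astro, and it is Python rather than the ASP.NET the login page runs on. It shows a `returnurl` validator that only accepts same-site relative paths or allowlisted hosts (rejecting `//host`, backslash, userinfo and non-http scheme variants), appends the `sid` token only after the destination has passed validation, and triages constructed access-log lines for requests whose `returnurl` points off-site. `ALLOWED_HOSTS`, `DEFAULT_TARGET`, the `sid` value and the log lines are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Constructed allowlist for the example; the real set of hosts the login
# page should be allowed to return users to is not given in the post.
ALLOWED_HOSTS = {"login.astro.com.my", "www.astro.com.my"}
DEFAULT_TARGET = "https://www.astro.com.my/"


def is_safe_return_url(value, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site relative path or an http(s) URL whose host
    is in the allowlist. Everything else is treated as an open redirect."""
    if not value or len(value) > 2048:
        return False
    # Browsers treat a backslash like a slash, so "/\evil" becomes "//evil".
    candidate = value.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative URL: a single leading slash, never a protocol-relative "//host".
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parts.username or parts.password:
        return False  # "https://login.astro.com.my@other-host/" resolves to other-host
    host = (parts.hostname or "").lower()
    return host in allowed_hosts  # exact match, so "login.astro.com.my.evil" fails


def build_redirect(return_url, session_id):
    """Choose a validated destination, then append the sid parameter the
    post describes. The token is attached only after validation, so it is
    never sent to a third-party host."""
    target = return_url if is_safe_return_url(return_url) else DEFAULT_TARGET
    parts = urlsplit(target)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("sid", session_id))
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed access-log lines in common log format, one benign and one
# pointing off-site (attacker.example is a placeholder host).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2018:10:00:00 +0800] "GET /ssowebnx/login.aspx?local=1&pid=acm&returnurl=%2Faccount HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2018:10:00:01 +0800] "GET /ssowebnx/login.aspx?local=1&pid=acm&returnurl=https%3A%2F%2Fattacker.example%2F HTTP/1.1" 302 0
"""

LOG_RE = re.compile(r'^(\S+) .*"GET (\S+) HTTP')


def find_offsite_redirects(log_text):
    """Return (client_ip, returnurl) for each request whose returnurl would
    fail validation, i.e. a likely open-redirect attempt in the logs."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m.group(1), m.group(2)
        params = dict(parse_qsl(urlsplit(path).query))  # percent-decoded
        ret = params.get("returnurl")
        if ret is not None and not is_safe_return_url(ret):
            hits.append((ip, ret))
    return hits


if __name__ == "__main__":
    print(build_redirect("https://attacker.example/", "SID123"))
    print(build_redirect("/account?x=1", "SID123"))
    print(find_offsite_redirects(SAMPLE_LOG))
```

The validator matches hosts exactly rather than by suffix, which is the usual mistake in allowlist-based fixes; a relative-path-only policy is simpler still if the login page never needs to return users to another host.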

Although they didn’t give me any credit for disclosing this bug, I hope they take this bug report as a serious issue, because a simple URL redirection can lead to serious problems.

An attacker or scammer can easily redirect Astro users to a scam page to steal their private info. That’s all for now.

Kaizen
