Monday, 14 January 2013
[ Resolved Open Redirect on tradera.com ]
This is an "Open Redirect" bug found on tradera.com, which I reported responsibly on 20/06/2012 and which eBay has fixed.
Severity: URL Redirection
Confidence: Certain
Host: http://zandra.tradera.com/
Path: /event/uoqru/tradera.content.ros/2381283037/click?url=http://www.tradera.com/spion-klocka-spy-watch-4gb-8mp-hd-kamera-vattentatt-30m-ny-auktion_342906_158165880
Issue detail:
The link was found on the main page of tradera.com
If I were to replace "click?url=http://www.tradera.com/spion-klocka-spy-watch-4gb-8mp-hd-kamera-vattentatt-30m-ny-auktion_342906_158165880" with "http://www.ebay.de" without the quotes
If attackers were to send this link to innocent victims, they might be redirected to another malicious website instead of ebay.de as shown in the example above.
Reported by: Jacob Soo
Vendor Notification: June 20, 2012
Resolution: October 27, 2012
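One way a click-tracking endpoint like the one above can validate its `url` parameter before issuing the redirect, as an added example (not code from the original post or from tradera.com). The allowlisted hosts, the fallback URL and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the tracker only ever needs to forward to the site's own hosts.
ALLOWED_HOSTS = {"tradera.com", "www.tradera.com"}
FALLBACK = "http://www.tradera.com/"  # assumed safe landing page


def safe_redirect_target(raw_url: str) -> str:
    """Return raw_url if it is an absolute http(s) URL on an allowed host,
    otherwise return FALLBACK."""
    # Browsers treat "\" like "/" and drop control characters and whitespace,
    # so the server and the browser could disagree on the host. Reject these.
    if not raw_url or "\\" in raw_url or any(ord(c) < 0x21 for c in raw_url):
        return FALLBACK
    try:
        parts = urlsplit(raw_url)
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    # Rejects scheme-relative ("//host") and non-web schemes.
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # "http://www.tradera.com@other.example/" has other.example as its host.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    # Exact match on the parsed host: substring or prefix checks would accept
    # "www.tradera.com.other.example".
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return FALLBACK
    return raw_url


def handle_click(request_uri: str) -> str:
    """Return the Location header value for a click-tracking request."""
    values = parse_qs(urlsplit(request_uri).query).get("url", [])
    # A missing or repeated parameter is ambiguous, so do not follow it.
    if len(values) != 1:
        return FALLBACK
    return safe_redirect_target(values[0])
```
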
Labels:
0x03 Open Redirect