Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 09.12.2024
Last edited by cbay - 10.12.2024

FS#116 - Blind SSRF and Open Redirection in Comment Section

Hello Team, I hope you are doing well. While researching your domain I found a Blind SSRF and Open Redirection in the comment section.

Steps:

1. https://blog.alwaysdata.com/2018/09/20/teaching-program-for-better-it-courses/comment-page-1/
2. Fill in the form and add evil.com or your Burp Collaborator in the Website field.
3. Then click on Post Comment to post your comment on the website.

You can see your comment is posted on the website; when you click on the username in the post it redirects you to the attacker's website, or in Burp Collaborator you get DNS and HTTP responses.

An attacker can put their malicious website in the comment section to redirect a user to their website for stealing things etc.

Note:

It can also be vulnerable to clickjacking.

Thank You,

Waleed Anwar

Closed by cbay
10.12.2024 07:40
Reason for closing: Invalid

cbay (Admin) commented on 10.12.2024 07:40

Hello,

That's standard WordPress behaviour. I don't see any vulnerability here, but if you do you should report it to them.

Kind regards,
Cyril
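For site owners who would rather not render commenter names as outbound links at all, the following is an added hardening example for a WordPress site (a hypothetical must-use plugin), not code from alwaysdata or from WordPress itself; it assumes only the standard WordPress filter hooks shown.

```php
<?php
/*
 * Plugin Name: Drop comment author URLs (added hardening example, hypothetical)
 * Removes the "Website" field from the comment form and blanks any author URL
 * that still arrives, so commenter names are displayed as plain text instead of
 * links to arbitrary third-party sites.
 */

// 1. Do not offer the Website field in the comment form at all.
add_filter( 'comment_form_default_fields', function ( array $fields ): array {
    unset( $fields['url'] );
    return $fields;
} );

// 2. Ignore an author URL submitted anyway (e.g. a hand-crafted POST request)
//    before the comment is stored.
add_filter( 'pre_comment_author_url', function ( $url ) {
    return '';
} );

// 3. Blank the URL on output as well, so comments stored before this plugin was
//    enabled are also rendered without a link by get_comment_author_link().
add_filter( 'get_comment_author_url', function ( $url, $comment_id, $comment ) {
    return '';
}, 10, 3 );
```

Place the file in wp-content/mu-plugins/ on the site you administer; the third filter covers existing comments, the first two cover new ones.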
