Drugs.com Open redirect

Hi fellas,

It has been a while; there has been a controversy surrounding me, as some douchebag thinks he is superior in the infosec community. So, without being offensive, let's get started.

So, Drugs.com was the only target domain I looked at. I started by intercepting requests and watching them carefully, and I noticed that each time I logged out, the Referer header controlled where the site redirected me. The logout endpoint simply 302s to whatever URL the Referer header carries, without checking that it points back to Drugs.com.

So I changed the Referer header and, voila, I got redirected to my own desired site.

The original PoC in my email was simple and went like this:

PoC~
1. Log in to your Drugs.com account.
2. Now click on Sign out, intercept the request, and change the Referer header to evil.com or any malicious domain.
3. Now you can see that the website redirects you to that site.
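To make the bug and its fix concrete, here is an added example (my own illustrative code, not Drugs.com's implementation, which the post does not show). The first function mirrors the behaviour described in the PoC: the logout handler trusts the Referer header as the post-logout destination. The second is the check a practitioner would want instead: parse the header, accept only http/https URLs whose host is on an allowlist, refuse the parser-confusing shapes an attacker reaches for (scheme-relative `//evil.com`, credentials in the authority, backslashes that browsers treat as slashes), and redirect to a same-origin path or a safe default. The hostnames `www.drugs.com` and `drugs.com` in the allowlist are assumptions for the example. One caveat worth keeping in mind when rating this class of bug: a browser fills in Referer from the page that issued the request, so the realistic attack is a page on the attacker's domain that links the victim to the logout URL and gets them sent back afterwards; an attacker cannot otherwise plant an arbitrary Referer in someone else's browser.

```python
from urllib.parse import urlsplit

# Assumption for this example: the hosts logout is allowed to return the user to.
ALLOWED_HOSTS = {"www.drugs.com", "drugs.com"}
DEFAULT_AFTER_LOGOUT = "/"


def vulnerable_logout_redirect(referer):
    """The behaviour the post describes: redirect wherever the Referer header says.

    Whatever the client sends (e.g. 'https://evil.com/') becomes the Location
    of the 302 after logout. Kept deliberately unvalidated as the 'before' case.
    """
    return referer or DEFAULT_AFTER_LOGOUT


def safe_logout_redirect(referer, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_AFTER_LOGOUT):
    """Return a post-logout destination that is guaranteed to stay on our site.

    Only an http(s) URL whose host is explicitly allowlisted is honoured, and
    even then only its path and query are re-emitted as a same-origin
    redirect. Anything else falls back to `default`.
    """
    if not referer:
        return default

    # Browsers treat '\' like '/', urlsplit does not; whitespace and control
    # characters are likewise parser-confusing. Do not try to reason about them.
    if "\\" in referer or any(c in referer for c in " \t\r\n"):
        return default

    parts = urlsplit(referer)

    # Rejects 'javascript:', 'data:' and scheme-relative '//evil.com/' (empty scheme).
    if parts.scheme.lower() not in ("http", "https"):
        return default

    # Rejects 'https://evil.com@www.drugs.com/' style userinfo tricks outright.
    if "@" in parts.netloc:
        return default

    # Exact host match only: 'www.drugs.com.evil.com' must not pass.
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return default

    # Re-emit a same-origin relative URL so the scheme cannot be downgraded either.
    location = parts.path or "/"
    if parts.query:
        location += "?" + parts.query
    return location


def logout_response(referer, hardened=True):
    """Simulate the logout handler's redirect: returns (status, Location header)."""
    target = safe_logout_redirect(referer) if hardened else vulnerable_logout_redirect(referer)
    return 302, target


if __name__ == "__main__":
    # Constructed Referer values an attacker or a legitimate user might send.
    samples = [
        "https://www.drugs.com/account/?tab=profile",
        "https://evil.com/",
        "//evil.com/",
        "https://www.drugs.com.evil.com/",
        "https://evil.com@www.drugs.com/",
        "https://evil.com\\@www.drugs.com/",
        "javascript:alert(1)",
    ]
    for ref in samples:
        print(f"{ref!r:45} vulnerable -> {logout_response(ref, hardened=False)[1]!r:45} "
              f"hardened -> {logout_response(ref)[1]!r}")
```

Returning a relative path rather than echoing the full validated URL is deliberate: it keeps the redirect same-origin by construction, so even a future mistake in the allowlist cannot turn the handler into a cross-site redirector.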

And I received a HOF (Hall of Fame) listing from Drugs.com.
