Drugs.com Open redirect

Hi fellas,

it been a while i been a controversy surrounding me , as some douchebag think he is superior in infosec community.So without being offensive ,lets get started

So, Drugs.com is the only target Domain i look for , i started with intercepting request and carefully watching them ,i noticed each time i logout the referrer header redirect me ,

so i changed the referrer header and voila i got redirect to my own desired sites.

The original Poc in my email was simple and like this

1.login to your drug account
2.now click on sign out and intercept the request and change the referrer header to evil.com   or any malicious domain
3.now you can see the website is redirect to that site.

And i recieved a HOF in Drugs.com


Popular Posts