ATT&T infinite loop redirection vulnerability

Hello, Fellow Readers

So before we go further if you haven't read my blog Post article here INFINITE LOOP REDIRECTION VULNERABILITY .

now we go further and tell you how i found this vulnerability in one of the att&t subdomain
and they said its valid but yet not remediated ,so i have redact few things.

I did some subdomain scanning using some of my favourite tools from my arsenal
and i came cross this subdomain.

https://*.att.com/

which redirected me to

https://*.att.com/accounts/error

and the kept me redirecting since..




So attacker can show its creativity which leads mass DDOS on att servers.


Now i m writing this because i got an email from them regarding this.




as you can see in the above screenshot.
Hope you like my writeup.

Thank you for reading.

enjoy :-)

Comments

Popular Posts