AT&T infinite loop redirection vulnerability
Hello, Fellow Readers
So before we go further, if you haven't read my blog post yet, it is here: INFINITE LOOP REDIRECTION VULNERABILITY.
Now let's go further and I'll tell you how I found this vulnerability in one of the AT&T subdomains.
They said it's valid but it is not yet remediated, so I have redacted a few things.
I did some subdomain scanning using some of my favourite tools from my arsenal
and I came across this subdomain:
https://*.att.com/
which redirected me to
https://*.att.com/accounts/error
and it has kept redirecting me ever since.
So an attacker can get creative with this, which leads to a mass DDoS on AT&T servers.
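For anyone checking their own hosts for this behaviour, here is an added example (not code from the original post) that follows `Location` headers hop by hop and flags a chain that revisits a URL. The `example.test` hosts, the redirect table and the `fetch_sample` helper are constructed for illustration, and the self-redirecting `/accounts/error` entry is an assumption about the loop's shape, since the post does not show the individual hops.

```python
from urllib.parse import urljoin

# Constructed redirect table standing in for HTTP responses: URL -> (status, Location).
# The example.test hosts are placeholders, not the redacted hosts from the post.
SAMPLE_RESPONSES = {
    "https://app.example.test/": (302, "/accounts/error"),
    "https://app.example.test/accounts/error": (302, "/accounts/error"),
    "https://ok.example.test/": (301, "https://ok.example.test/home"),
    "https://ok.example.test/home": (200, None),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fetch_sample(url):
    """Hypothetical fetcher: looks the URL up in the constructed table."""
    return SAMPLE_RESPONSES.get(url, (404, None))


def trace_redirects(start_url, fetch=fetch_sample, max_hops=20):
    """Follow Location headers one hop at a time and classify the chain.

    Returns (verdict, chain); verdict is 'terminates', 'loop' or 'too_many_hops'.
    """
    seen = set()
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return "terminates", chain  # reached a non-redirect response
        seen.add(url)
        # Location may be relative; resolve it against the current URL.
        url = urljoin(url, location)
        chain.append(url)
        if url in seen:
            return "loop", chain  # the chain came back to a URL already visited
    return "too_many_hops", chain  # no repeat seen, but the chain never settled
```

To run it against a real host you own, pass a `fetch` callable that issues the request with automatic redirect following disabled and returns the status code and `Location` header.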
Now I'm writing this because I got an email from them regarding this,
as you can see in the above screenshot.
Hope you like my writeup.
Thank you for reading.
enjoy :-)
The possibility is that the DoS happens on both sides.