
Senate.gov open redirect vulnerability
Hello folks! Today I want to share with you an open redirect vulnerability on the official senate.gov website. This is actually a very basic example of an open redirect vulnerability.
This open redirect issue makes the official US Senate website usable in phishing campaigns.
Details of senate.gov open redirect vulnerability
https://www.youtube.com/watch?v=-Ex5zW20zcc
Actually there is not much technical detail to talk about. This is a very simple open redirect issue on a very important US Government website.
iqClickTrk.aspx has a parameter called redirect that takes a URL and redirects directly to it without checking that URL.
PoC : https://outreach.senate.gov/iqextranet/iqClickTrk.aspx?redirect=https://mustafakemalcan.com
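The fix this finding calls for, written here as an added example and not code from the senate.gov site: the redirect parameter is only honoured when it points at an allow-listed host or a same-site relative path, and everything else falls back to the home page. The allowed host list and the two simulated click-tracker handlers are assumptions for the example; the rejected inputs cover the parser tricks that usually slip past naive checks (scheme-relative URLs, backslashes, userinfo before an @, and look-alike subdomains).

```python
from urllib.parse import urlsplit

# Assumption for this example: the site's own hosts. A real deployment
# lists the hosts it is actually willing to send users to.
ALLOWED_HOSTS = {"outreach.senate.gov", "www.senate.gov"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-site relative path or an
    absolute http(s) URL whose host is on the allow list."""
    if not target:
        return False
    # Control characters and whitespace are rejected outright: browsers strip
    # some of them, which changes how the URL is parsed downstream.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    # Some browsers treat '\' like '/' in the authority part, so
    # '/\evil.example' would be followed as '//evil.example'. Normalise first.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)

    if parts.scheme == "" and parts.netloc == "":
        # A purely relative reference. Allow a single leading '/' only;
        # '//host' (scheme-relative) and '///host' are refused.
        return normalised.startswith("/") and not normalised.startswith("//")

    if parts.scheme not in ("http", "https"):
        # Refuses 'javascript:', 'data:', and scheme-relative '//host'
        # (empty scheme with a netloc).
        return False

    # .hostname drops userinfo ('https://www.senate.gov@evil.example' gives
    # 'evil.example'), drops the port, and lower-cases the result.
    host = parts.hostname
    if host is None:
        return False
    # Exact membership: 'www.senate.gov.evil.example' is not a match.
    return host in allowed_hosts


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Location to send the user to: the target if safe, else the fallback."""
    return target if is_safe_redirect(target) else fallback


# Simulated handlers (assumption: a request is modelled as a dict of query
# parameters and the handler returns the Location it would respond with).
def vulnerable_click_track(params: dict) -> str:
    # The pattern described in the post: redirect to whatever was supplied.
    return params.get("redirect", "/")


def hardened_click_track(params: dict) -> str:
    return resolve_redirect(params.get("redirect", ""), fallback="/")


if __name__ == "__main__":
    for candidate in ("/news?id=1", "https://www.senate.gov/",
                      "https://mustafakemalcan.com", "//mustafakemalcan.com",
                      "/\\mustafakemalcan.com", "javascript:alert(1)"):
        print(f"{candidate!r:40} -> {resolve_redirect(candidate)}")
```

Detection-wise, the same validator can be run offline over web server access logs for the click tracker: any request whose redirect parameter fails `is_safe_redirect` is a candidate phishing link worth reviewing.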
I tried to communicate with the webmaster(?), but he/she didn't give me any kind of response. The webmaster didn't patch the issue, though.
02.07.2019 - I sent the first email but got no response.
02.16.2019 - I sent the second email but got no response.
02.26.2019 - I sent the third email but still got no response.
04.09.2019 - Disclosure date.