I would like to report a vulnerability that I have found today on
zurmo-stable-126.96.36.199 in which the attacker can redirect the victim
into a malicious domain.
Technical Description: Unvalidated redirects (open URL redirects) and
forwards are possible when a web application accepts untrusted input
and uses it as the target of a redirect, sending the request to a URL
contained in that input. By modifying the URL parameter to point at
a malicious site, an attacker can launch a phishing scam and steal
user credentials. Because the server name in the modified link is
identical to the original site, the phishing link has a more
trustworthy appearance. Unvalidated redirect and forward attacks can
also be used to craft a URL that passes the application's access
control check and then forwards the attacker to privileged functions
that they would normally not be able to access.
Open URL Redirects and Forwards
Affected Product Code Base
Zurmo CRM - zurmo-stable-188.8.131.52b482704bc58
1. Log into zurmo-crm as a user (tested with a super user).
2. Open the first URL: it redirects the user directly, without any input.
3. For the second URL:
b. Enter any redirect URL. In our case ?redirectUrl=https://paypal.com
c. Fill in the meeting form, then click the Save button; the user is redirected to the malicious URL.
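An added example (not code from this report or from Zurmo, which is PHP) of the server-side check a redirect parameter such as `redirectUrl` needs: only an absolute path on the same site is accepted, and anything a browser would resolve to another origin or scheme falls back to a safe default. The function name and the fallback value are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

FALLBACK = "/"  # assumed safe landing page when the requested target is rejected


def safe_redirect_target(candidate, fallback=FALLBACK):
    """Return a same-site path to redirect to, or `fallback`.

    Accepts only absolute paths on this site (e.g. "/meetings/default/list");
    rejects anything a browser would resolve to another origin or scheme.
    """
    if not candidate:
        return fallback
    candidate = candidate.strip()
    # Browsers silently drop tab/newline inside URLs, so "ht\ttps://evil"
    # becomes "https://evil" for the browser; reject control characters outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return fallback
    # Browsers treat "\" as "/", so "/\evil.com" is really "//evil.com".
    parts = urlsplit(candidate.replace("\\", "/"))
    # Any scheme (https:, javascript:, data:) or authority (//host) means the
    # target is not a path on this site.
    if parts.scheme or parts.netloc:
        return fallback
    if not parts.path.startswith("/"):
        return fallback
    # Re-assemble only the parts that were verified: path, query, fragment.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample inputs: the value from the report plus common bypass shapes.
    for value in ["/meetings/default/list?x=1", "https://paypal.com",
                  "//paypal.com", "/\\paypal.com", "javascript:alert(1)", ""]:
        print(repr(value), "->", safe_redirect_target(value))
```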
Organization: Provensec LLC