Hi, I would like to report a security vulnerability that I found in zurmo-stable- 126.96.36.199987acc3018, in which an attacker can redirect the victim to a malicious domain by modifying the URL value to point at a malicious site, and may thereby launch a phishing scam and steal user credentials.
According to OWASP, Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access.
Vulnerability Type: Open URL Redirects / Unvalidated Redirects
Affected Product Code Base: zurmo-stable-188.8.131.52987acc3018
Affected Component: http://127.0.0.1/zurmo/app/index.php/meetings/default/createMeeting?redirectUrl=http://www.strongboxit.com/ (I will add more once I have tested other components.)
Attack Vector / Steps to Replicate:
1. Log in to zurmo-crm (User: super user).
2. Modify the original redirect URL to any redirect URL of your choice and press Enter. In this test case, I used ?redirectUrl=http://www.strongboxit.com/.
3. Fill in the meeting form and click Save. On clicking the Save button, the user is redirected to the entered/modified (malicious) URL.
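The fix for this class of bug is to validate the redirectUrl parameter server-side before honouring it. The following is an added example of such a check written for this report; it is not Zurmo's own code, and the application host (127.0.0.1, taken from the affected URL) and the fallback path are assumed values. It accepts only application-relative paths and absolute URLs on the application's own host, and rejects the report's external URL as well as common bypass shapes (protocol-relative, backslash, non-http scheme, userinfo).

```python
from urllib.parse import urlsplit

# Host the application is served from (assumed; the report uses 127.0.0.1).
APP_HOST = "127.0.0.1"
# Where to send the user when the supplied redirect is rejected (assumed path).
DEFAULT_REDIRECT = "/zurmo/app/index.php/meetings/default/list"


def is_safe_redirect(url: str, app_host: str = APP_HOST) -> bool:
    """Return True only if `url` stays on the application's own host.

    Accepted: paths starting with a single "/" and http(s) URLs whose host
    equals app_host. Rejected: other hosts (the report's
    http://www.strongboxit.com/ case), protocol-relative "//host" forms,
    backslash variants that browsers normalise to "//", non-http schemes
    such as javascript:, and "http://127.0.0.1@evil" userinfo tricks.
    """
    if not url or any(c in url for c in "\r\n\x00"):
        return False
    # Browsers treat "\" like "/", so normalise before deciding anything.
    candidate = url.replace("\\", "/")
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: only an absolute path on this origin is allowed.
        return candidate.startswith("/")
    if parts.scheme not in ("http", "https"):
        return False
    if "@" in parts.netloc:
        return False
    return parts.hostname == app_host


def resolve_redirect(url: str) -> str:
    """Return the validated redirect target, or the safe default."""
    return url if is_safe_redirect(url) else DEFAULT_REDIRECT
```

Rejected values are worth logging with the requesting user and source address, since a burst of them against createMeeting is a useful detection signal for this exact probing.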
Discoverer: Meshach. M
Organization: StrongBox IT