HomeAutomation 3.3.2 - Open Redirect

By kannthu

Medium
Vidoc Module
#homeautomation #packetstorm #iot #redirect
Description

What is "HomeAutomation 3.3.2 - Open Redirect"?

The "HomeAutomation 3.3.2 - Open Redirect" module is designed to detect an open redirect vulnerability in the HomeAutomation 3.3.2 software. This vulnerability allows an attacker to inject a redirect URL into the application, potentially leading to phishing attacks or unauthorized access to sensitive information. The severity of this vulnerability is classified as medium.

Impact

An open redirect vulnerability in HomeAutomation 3.3.2 can have several impacts, including:

- Phishing attacks: Attackers can trick users into visiting malicious websites by redirecting them from legitimate HomeAutomation pages.
- Unauthorized access: By manipulating the redirect URL, attackers can bypass authentication mechanisms and gain unauthorized access to sensitive information or perform actions on behalf of the user.

How does the module work?

The module sends a GET request to the "/homeautomation_v3_3_2/api.php" endpoint with specific parameters. It then checks the response headers for a redirect URL that matches the defined regex pattern. If a match is found, the module reports a vulnerability.

Example request:

GET /homeautomation_v3_3_2/api.php?do=groups/toggle&groupid=1&status=1&redirect=https://interact.sh/

The module uses a regex matcher to check the "Location" header for a redirect URL that starts with "https://interact.sh/". If the regex pattern matches, the module identifies the presence of an open redirect vulnerability.
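The header check described above, as an added example (not Vidoc's module code): instead of a regex, it parses a response head and resolves the Location value against the request URL, so scheme-relative values are caught and a probe URL that only appears inside a query string is not. The host `homeautomation.example`, the `index.php` path and all sample responses are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit

# Probe request from the page; the target origin is a constructed placeholder.
REQUEST_URL = ("http://homeautomation.example/homeautomation_v3_3_2/api.php"
               "?do=groups/toggle&groupid=1&status=1&redirect=https://interact.sh/")
PROBE_HOST = "interact.sh"


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, {header: value})."""
    lines = raw.replace("\r\n", "\n").split("\n")
    match = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers


def redirects_to_probe(raw, request_url=REQUEST_URL, probe_host=PROBE_HOST):
    """True if the response is a 3xx whose Location resolves to probe_host."""
    status, headers = parse_response_head(raw)
    location = headers.get("location")
    if not 300 <= status < 400 or not location:
        return False
    # Resolve relative and scheme-relative ("//host/") values like a browser.
    target = urlsplit(urljoin(request_url, location))
    return (target.hostname or "").lower() == probe_host


# Constructed sample responses (not captured from a real device).
VULNERABLE = "HTTP/1.1 302 Found\r\nLocation: https://interact.sh/\r\n\r\n"
SCHEME_RELATIVE = "HTTP/1.1 302 Found\r\nlocation: //interact.sh/\r\n\r\n"
PATCHED = "HTTP/1.1 302 Found\r\nLocation: /homeautomation_v3_3_2/index.php\r\n\r\n"
LOOKALIKE = "HTTP/1.1 302 Found\r\nLocation: /?next=https://interact.sh/\r\n\r\n"
NOT_REDIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name in ("VULNERABLE", "SCHEME_RELATIVE", "PATCHED", "LOOKALIKE", "NOT_REDIRECT"):
        print(name, redirects_to_probe(globals()[name]))
```
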

Note: It is important to address this vulnerability promptly to prevent potential security risks and protect user data.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /homeautomation_v3_3...
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...
Passive global matcher
No matching conditions.
On match action
Report vulnerability