Mozilla Pollbot - Open Redirect

By kannthu

Medium
Vidoc Module
#redirect #mozilla #pollbot
Description

What is the "Mozilla Pollbot - Open Redirect" module?

The "Mozilla Pollbot - Open Redirect" module is designed to detect an open redirect vulnerability in Mozilla Pollbot. This vulnerability allows an attacker to redirect a user to a malicious website, potentially leading to the disclosure of sensitive information or the modification of data. The severity of this vulnerability is classified as medium.

This module was authored by Evan Rubinstien.

Impact

An open redirect vulnerability in Mozilla Pollbot can have serious consequences. By exploiting this vulnerability, an attacker can trick users into visiting malicious websites, leading to potential data breaches, phishing attacks, or the installation of malware on their devices.

How does the module work?

The "Mozilla Pollbot - Open Redirect" module works by sending a GET request to the "/%0A/interact.sh/" path. It then applies two matching conditions to determine if the open redirect vulnerability exists:

    - The module checks the response headers for a regex pattern that matches the "Location" header. If the pattern is found, indicating a redirect, the condition is met.
    - The module also checks if the response status code is 301, indicating a permanent redirect. If the status code matches, the condition is met.

If both matching conditions are met, the module reports the vulnerability.
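The two matching conditions described above can be evaluated offline against a saved response, as in this added example (not the module's own code). The page's regex is truncated, so the `Location` pattern, the `evaluate_response` helper, the `pollbot.example` host and the sample responses are all assumptions; the example also goes one step further than a string match by resolving the `Location` value against the request URL, so a same-site redirect is not reported.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumed pattern: the module's regex is truncated on the page, so this one
# only captures the Location value; the host decision is left to URL parsing.
LOCATION_RE = re.compile(r"(?im)^Location[ \t]*:[ \t]*(\S+)[ \t]*\r?$")

# Constructed sample data (not captured from a real Pollbot instance).
REQUEST_URL = "https://pollbot.example/%0A/interact.sh/"
OFF_SITE = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: //interact.sh/\r\nContent-Length: 0\r\n\r\n")
SAME_SITE = "HTTP/1.1 301 Moved Permanently\r\nLocation: /interact.sh/\r\n\r\n"
TEMPORARY = "HTTP/1.1 302 Found\r\nLocation: https://interact.sh/\r\n\r\n"


def evaluate_response(request_url, raw_response):
    """Apply both matching conditions to the head of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line = head.split("\r\n", 1)[0].split()
    status = None
    if len(status_line) > 1 and status_line[1].isdigit():
        status = int(status_line[1])

    match = LOCATION_RE.search(head)
    location = match.group(1) if match else None

    # Resolve the reference against the request URL so scheme-relative
    # ("//host/") and path-only values are classified correctly.
    target_host = None
    if location:
        target_host = urlsplit(urljoin(request_url, location)).hostname
    origin_host = urlsplit(request_url).hostname
    off_site = target_host is not None and target_host != origin_host

    return {
        "status_is_301": status == 301,
        "location": location,
        "off_site": off_site,
        "report": status == 301 and off_site,  # both conditions must hold
    }


if __name__ == "__main__":
    samples = (("off-site 301", OFF_SITE), ("same-site 301", SAME_SITE),
               ("off-site 302", TEMPORARY))
    for name, raw in samples:
        print(name, evaluate_response(REQUEST_URL, raw))
```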

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /%0A/interact.sh/
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?:\/\/... and
status: 301
Passive global matcher
No matching conditions.
On match action
Report vulnerability