Otobo - Open Redirect

By kannthu

Severity: Medium
Vidoc Module
Tags: #redirect #otobo #huntr
Description

Module: Otobo - Open Redirect

What is Otobo - Open Redirect?

This module detects an open redirect vulnerability in Otobo. The severity of this vulnerability is classified as medium.

Original author: 0x_Akoko

Impact

An open redirect vulnerability allows an attacker to redirect users to malicious websites, potentially leading to phishing attacks or the installation of malware.

How does the module work?

The module sends an HTTP GET request to the "/otobo/index.pl?Action=ExternalURLJump;URL=http://www.interact.sh" path. It then checks the response headers for a match against the following regular expression:

(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\\\)(?:[a-zA-Z0-9\\-_.@]*)interact\\.sh\/?(\/|[^.].*)?$

If the regex matches, the module reports a vulnerability.

Note: This module is designed to detect the presence of an open redirect vulnerability and does not attempt to exploit it.
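To show what the matching step actually accepts and rejects, here is an added Python example; it is not code from the Vidoc module or from Otobo. It applies the module's Location-header pattern to constructed HTTP response heads, including two that carry the canary host name but must not be flagged (a redirect that stays on the application's own host and merely echoes the URL in a parameter, and a lookalike domain). The regular expression is assumed to be the single-escaped form of the pattern shown above (the doubled backslashes on the page look like escaping from the module's source format), and no request is sent: only the response-checking logic is demonstrated.

```python
import re

# The module's Location-header pattern, written with single escapes.
# Assumption: the doubled backslashes shown on the page are escaping from the
# module's source format; this is the form a regex engine evaluates.
LOCATION_REDIRECT_PATTERN = re.compile(
    r"(?m)^(?:Location\s*?:\s*?)"            # a header line that starts with "Location:"
    r"(?:https?:\/\/|\/\/|\/\\\\|\/\\\\)"    # absolute, scheme-relative, or slash/backslash variants
    r"(?:[a-zA-Z0-9\-_\.@]*)interact\.sh"    # any host prefix, then the canary host
    r"\/?(\/|[^.].*)?$"                      # optional path; a following "." means a lookalike domain
)


def location_redirects_to_canary(raw_response_head: str) -> bool:
    """Return True if a Location header points at the interact.sh canary host."""
    # Normalise CRLF so that "$" in multiline mode sits right after each header value.
    normalised = raw_response_head.replace("\r\n", "\n")
    return LOCATION_REDIRECT_PATTERN.search(normalised) is not None


# Constructed sample responses (not captured from a real Otobo instance).
CONSTRUCTED_RESPONSES = {
    "redirect_absolute": (
        "HTTP/1.1 302 Found\r\n"
        "Location: http://www.interact.sh\r\n"
        "Content-Length: 0\r\n\r\n"
    ),
    "redirect_with_path": (
        "HTTP/1.1 302 Found\r\n"
        "Location: http://www.interact.sh/landing?id=1\r\n\r\n"
    ),
    "redirect_scheme_relative": (
        "HTTP/1.1 302 Found\r\n"
        "Location: //www.interact.sh/\r\n\r\n"
    ),
    # Safe: the application stays on its own host and only echoes the URL in a parameter.
    "safe_same_host": (
        "HTTP/1.1 302 Found\r\n"
        "Location: https://tickets.example/otobo/index.pl?next=http://www.interact.sh\r\n\r\n"
    ),
    # Safe: a lookalike host; the "." right after interact.sh is rejected by the pattern.
    "safe_lookalike_host": (
        "HTTP/1.1 302 Found\r\n"
        "Location: http://interact.sh.example/\r\n\r\n"
    ),
    # Safe: no redirect at all.
    "safe_no_redirect": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n"
        "<html><body>Login</body></html>"
    ),
}


def scan_constructed_responses() -> dict[str, bool]:
    """Run the check over every constructed response; True means 'report vulnerability'."""
    return {
        name: location_redirects_to_canary(head)
        for name, head in CONSTRUCTED_RESPONSES.items()
    }


if __name__ == "__main__":
    for name, hit in scan_constructed_responses().items():
        print(f"{name:26s} {'REPORT' if hit else 'ok'}")
```

Two properties of the pattern are worth knowing when reading its results. The `[^.]` after the host is what keeps `interact.sh.example` from matching, so a redirect to a domain that merely contains the canary name is not reported. The pattern is also case-sensitive as written, so a lowercased `location:` header (as HTTP/2 responses carry it) would not be flagged; anyone porting the check should decide deliberately whether to add a case-insensitive flag.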

Module preview

Concurrent requests (1)
1. HTTP request template: GET/otobo/index.pl?Acti...
   Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?:\/\/...
Passive global matcher: no matching conditions.
On match action: report vulnerability