Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Thinkific - Open Redirect" module is designed to detect an open redirect vulnerability in the Thinkific software. Thinkific is an online course platform that allows users to create and sell online courses. This vulnerability could allow an attacker to redirect a user to a malicious website and obtain sensitive information. The severity of this vulnerability is classified as medium.
This module was authored by Gal Nagli.
If exploited, the open redirect vulnerability in Thinkific can lead to various consequences, including:
- Potential exposure of sensitive user information
- Unauthorized access to user accounts
- Possible phishing attacks
The "Thinkific - Open Redirect" module works by sending a specific HTTP request to the Thinkific software and then analyzing the response. The module checks for two matching conditions:
<a href="http://interact.sh?kind=jwt&message=Nil+JSON+web+token"
If both conditions are met, the module identifies the presence of the open redirect vulnerability in Thinkific.
Here is an example of the HTTP request sent by the module:
GET /api/sso/v2/sso/jwt?error_url=http://interact.sh
The module then evaluates the response based on the matching conditions to determine if the vulnerability exists.
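The two sides of this check, written out as an added example that is not Vidoc's or the module author's code: a response-side test that decides whether the host supplied in `error_url` was reflected into a link (the condition the module's href match is looking for), and the server-side allow-list validation that closes the hole. The sample HTML bodies and the `example-school.thinkific.com` host are constructed for the example; only `interact.sh` and the href string come from the page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample responses (not captured from Thinkific). The first mimics
# the reflected-href case the module matches on; the second stays on-site.
REFLECTED_BODY = (
    '<html><body><a href="http://interact.sh?kind=jwt&message=Nil+JSON+web+token">'
    "Continue</a></body></html>"
)
SAFE_BODY = '<html><body><a href="/login?kind=jwt">Continue</a></body></html>'


class HrefCollector(HTMLParser):
    """Collect every href attribute of <a> tags in a response body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_hrefs(body):
    parser = HrefCollector()
    parser.feed(body)
    return parser.hrefs


def reflects_external_host(body, probe_host):
    """Detection side: True when a link in the page points at probe_host, i.e.
    the host that was supplied in the error_url parameter came back as a
    redirect target instead of being rejected."""
    for href in extract_hrefs(body):
        host = urlsplit(href).hostname
        if host is None:  # relative URL, stays on the site
            continue
        if host.lower() == probe_host.lower():
            return True
    return False


def safe_error_url(candidate, allowed_hosts, fallback="/"):
    """Mitigation side: honour error_url only when it is a plain relative path
    or an http(s) URL whose host is on the allow-list; anything else (other
    schemes, protocol-relative '//host', '/\\host' tricks) falls back."""
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "" and candidate.startswith("/"):
        # '//host' is caught by netloc; '/\\host' is what browsers treat as
        # '//host', so reject any second character that is a slash of either kind
        if len(candidate) > 1 and candidate[1] in "/\\":
            return fallback
        return candidate
    if parts.scheme in ("http", "https") and parts.hostname \
            and parts.hostname.lower() in allowed_hosts:
        return candidate
    return fallback


if __name__ == "__main__":
    print(reflects_external_host(REFLECTED_BODY, "interact.sh"))  # True
    print(reflects_external_host(SAFE_BODY, "interact.sh"))       # False
    print(safe_error_url("http://interact.sh?kind=jwt", {"example-school.thinkific.com"}))  # /
```

`reflects_external_host` is the part a blue team would run over stored responses of their own instance after a probe; `safe_error_url` is the pattern the application should apply before emitting the link, with the allow-list being the site's own hostnames.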