Hello Everyone
Recently I got Microsoft Hall of Fame
As Microsoft Security Response Ceneter (MSRC) Acknowledged the security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities.
Today i’m going to share my journey how i got this bug in one of the Microsoft owned domain.
Vulnerable Domain: https://www.healthvault.com/en-us
Vulnerability: “Open Redirect Vulnerability”
So my journey start to finding this bug as i just stumble upon https://www.healthvault.com/en-us and try to find out some Vulnerability on that domain.
First I login on https://www.healthvault.com/en-us with a valid credentials and goto Basic Profile section, where we can make changes in our profile. There’s a cancel link and this is the Vulnerable link for Open Redirect where Cancel Record with referrer parameter have “Open Redirect” Flaw https://account.healthvault.co.uk/Record/Cancel?referrer=%2f%2fwww.google.co.in
that redirect on other website, in the end it will redirect to www.google.co.in
thus , showing a redirection bug that is considered as very critical because it may be use for Phishing or redirect user to any Malicious Website.
I’m going to share a video POC so that Reader can understand in better way
I’ll Share more information & Tutorials about Open Redirect Vulnerability in my upcoming post.
Stay with Us & Thanks
Jafar Hasan
Appin Technology Lab, Indore
