Web Wallet Elrond - Open Redirect Vulnerability

CVE: CVE-2021-38722
Category: CWE-601
Price: $5,000
Severity: High
Author: Exploit Alert Team
Risk: High
Exploitation Type: Remote
Date: 2022-06-07
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022060027

Below is a copy:

# Exploit Title: Web Wallet Elrond - Open Redirect Vulnerability
# Date: 2022-04-11
# Google Dork: -
# Exploit Author: Mohsen Dehghani (aka 0xProfessional)
# Contact: [email protected]
# Vendor Homepage:  https://wallet.elrond.com
# Software Link:  https://wallet.elrond.com
# Version: -
# Tested on: Linux
# CVE : -
###########################################################################
#Vulnerability Description:
An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL.
If the application does not validate this untrusted input, an attacker can supply a URL that sends an unsuspecting victim from the legitimate domain
to a site under the attacker's control, where malicious code or software can be delivered to the user.

#Reproduce steps:

1) Open: https://wallet.elrond.com/hook/login?callbackUrl=
2) Put an untrusted domain or malicious URL after the callbackUrl= parameter
3) Visit the URL
4) Log in
5) Boom! You are redirected to the untrusted domain or malicious URL.

#PoC:
https://wallet.elrond.com/hook/login?callbackUrl=https://attacker.com
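The fix for this class of bug is to validate the callbackUrl parameter before redirecting. The following is an added example written for this page, not code from the advisory or from the Elrond wallet; it assumes the application knows its own origin (APP_ORIGIN) and falls back to the home page whenever the supplied value would leave that origin. It also checks common validation bypasses (protocol-relative URLs, look-alike hosts, userinfo tricks, non-http schemes), which the advisory itself does not discuss.

```javascript
// Added example (not from the advisory or the Elrond wallet code base):
// a defensive validator for a login "callbackUrl" query parameter.
// Assumption: the wallet is served from exactly this origin.
const APP_ORIGIN = "https://wallet.elrond.com";

// Return an absolute URL on our own origin to redirect to, or the
// fallback when the value is missing, malformed, or points elsewhere.
function safeCallbackUrl(callbackUrl, fallback = "/") {
  const home = new URL(fallback, APP_ORIGIN).toString();
  if (typeof callbackUrl !== "string" || callbackUrl.trim() === "") {
    return home;
  }
  let parsed;
  try {
    // Relative paths resolve against our origin; absolute URLs keep
    // their own scheme and host so we can inspect them.
    parsed = new URL(callbackUrl.trim(), APP_ORIGIN);
  } catch {
    return home; // unparsable input
  }
  // Compare the full origin (scheme + host + port), never a string
  // prefix. This rejects https://attacker.com, //attacker.com,
  // https://wallet.elrond.com.attacker.com, https://wallet.elrond.com@attacker.com,
  // and non-http schemes such as javascript: (whose origin is "null").
  if (parsed.origin !== APP_ORIGIN) {
    return home;
  }
  // Strip any embedded credentials; keep path, query and fragment.
  parsed.username = "";
  parsed.password = "";
  return parsed.toString();
}

// Example of use in a login handler: redirect(safeCallbackUrl(req.query.callbackUrl))
module.exports = { safeCallbackUrl, APP_ORIGIN };
```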
