Header Ads

Header ADS

Unrestricted File upload to Open Redirection on Edmodo



Hi Edmodo,

Here is Shaifullah Shaon (Black_EyE), An Ethical Hacker.
a white hat cyber security researcher from Bangladesh reporting a serious
[3'rd ranking in OWASP] security vulnerability on your system.

I faced a technical security bug called "Unrestricted File upload to Open Redirection on Edmodo".

Now I exploited it. If you verify more, so you can see my video poc that was unlisted my youtube channel.

Let's follow me,

1. I already Open my Account.
2. go to: https://www.edmodo.com/home#/community/support
3. Create a new post and Upload my edmodo.html that was my coded as attached.
4. Just copy link location after saving post, and paste on url.
5. Here as you see, here is also Redirect to as my wish.
6. Now See Again, I upload a html deface page.

POC:
1. https://api.edmodo.com/files/761018561/download?f=47am4l0yf7rfh676f0jv5towh (Open Redirection Page)
2. https://api.edmodo.com/files/761019044/download?f=e5nbgqujbni3do5u6ylvts84u (Hacked Page)


Please See my Video Poc for understand clearly. Hopefully Those are Very critical issue.
Resolve those issue as soon as possible.

Here is proof as video concept (unlisted): https://youtu.be/FVeszzMJfpc

Thank you
Shaifullah Shaon (Black_EyE)
shaon.durjoy@gmail.com

No comments

Powered by Blogger.