Hi there, I am Mohammed Fadhl Al-Barbari, an 18 y/o cyber security researcher, web dev/tester, mobile applications dev/tester, tools builder and bug hunter. Hacker since 2015.

IncomCMS 2.0 open redirect

Hi there! This will be a short explanation of the vulnerability I’ve found in Incom 2.0 (latest version), which is an open redirect …

Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e

Vulnerable endpoint/script : site.com/go.php?go=EVIL.COM

Redirection based : GET-BASED

Tested on : Incom 2.0

LiveDemo URI POC : http://mzgesheft.kz/ru/go.php?go=https://grodriket.com/

More info :

I think this is all I need to prove until the bug is patched!

Thanks for reading this.
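An added example, not part of the original post and not IncomCMS code: a Python check of the kind a redirect script such as `go.php` needs to apply to its `go` parameter before redirecting, plus a helper for triaging request URLs taken from access logs. The host `site.example`, the allow-list and both function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the site may legitimately redirect to (placeholder value).
ALLOWED_HOSTS = {"site.example"}


def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for same-site rooted paths or http(s) URLs on an allowed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop control characters, so reject both.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a rooted path, never one starting "//".
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port, so "allowed@other" resolves to "other".
    return (parts.hostname or "").lower() in allowed_hosts


def check_go_request(request_url, allowed_hosts=ALLOWED_HOSTS):
    """Classify a request URL: 'n/a' (not go.php), 'ok', or 'offsite'."""
    parts = urlsplit(request_url)
    if not parts.path.endswith("/go.php"):
        return "n/a"
    values = parse_qs(parts.query).get("go", [])
    if not values:
        return "n/a"
    safe = all(is_safe_target(v, allowed_hosts) for v in values)
    return "ok" if safe else "offsite"
```

A handler that gets `False` from `is_safe_target` should refuse the redirect or fall back to a fixed landing page; `check_go_request` returning `offsite` for a logged URL marks a request worth reviewing.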