IncomCMS 2.0 open redirect

Dec 7, 2020 • Mohammed Al-Barbari

Hi there!, this will be short explaination of the vulnerability I’ve found at Incom 2.0 (Latest version) which is open redirect …

Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e

Vulnerable endpoint/script : `site.com/go.php?go=EVIL.COM`

Redirection based : `GET-BASED`

Tested on : `Incom 2.0`

LiveDemo URI POC : `http://mzgesheft.kz/ru/go.php?go=https://grodriket.com/`

More info :

I think this is all i need to proof until the Bug is patched!

Thanks for reading this.