Hi there!, this will be short explaination of the vulnerability I’ve found at Incom 2.0 (Latest version) which is open redirect …
Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e
Vulnerable endpoint/script : site.com/go.php?go=EVIL.COM
Redirection based : GET-BASED
Tested on : Incom 2.0
LiveDemo URI POC : http://mzgesheft.kz/ru/go.php?go=https://grodriket.com/
More info :
I think this is all i need to proof until the Bug is patched!
Thanks for reading this.