ledgerconnect / steemconnect

Signer app for Steem
https://steemconnect.com
MIT License

OAuth Open Redirect #1491 #32

Closed zubairkhan930 closed 7 years ago

zubairkhan930 commented 7 years ago

Recently, when I visited Steemit's application SteemConnect, I discovered a vulnerability there. When we specify an invalid scope, the authorize URL redirects to the site mentioned in redirect_uri. So an attacker can create an app and use it as an open redirector to redirect victims to fake sites, e.g. the attacker can host the same phishing page and hack the victims.

If you are given a link like:

https://steemconnect.com/authorize/@malicious.site?redirect_url=https://malicious.site

Here you'll be asked for your private key and password; when you enter a valid login you'll be redirected to the malicious site.

The @variable and redirect_url are just matched, and you are redirected to the site you provided. https://github.com/steemit/condenser/issues/1491#issuecomment-313258068

nil1511 commented 7 years ago

Thank you for notifying. Created the fix: https://github.com/busyorg/steemconnect.com/pull/127

zubairkhan930 commented 7 years ago

Thank you :)