Author Topic: "Exploit" on the download page of the website  (Read 1945 times)

Kronos

  • Entrant
  • Posts: 1
"Exploit" on the download page of the website
« on: March 05, 2014, 07:08:33 PM »
First, thank you for chameleon, it's an awesome project.

So I was downloading the latest release on the download page and I noticed that the file path is in a php arg. So I tried to modify it with a URL, and when clicking on the download link the page redirects the user to that URL.

This can be a problem when other forums provide the link to your download page; if modified, it can redirect the user to an infected website.

Example:
http://chameleon.osx86.hu/static/some-words-about-donation?ref=/www.google.com
(click the download link and watch the magic happen)

Gringo Vermelho

  • Forum Moderator
  • Posts: 611
  • The gray monster energy hat
Re: "Exploit" on the download page of the website
« Reply #1 on: April 07, 2014, 03:53:09 AM »
All those downloads are obsolete anyway. And I don't know who is supposed to maintain that page.

I try to keep a recent version in my guide, see link in my signature.
10.9.5 - ASUS P8Z77-V Pro - i5 3570K - GTX 660 - Chameleon 2.3 svn-r2xxx
How to...
Install Chameleon: http://forum.voodooprojects.org/index.php/topic,649
Make your own Chameleon boot CD: http://forum.voodooprojects.org/index.php/topic,484.msg2131.html#msg2131

Gen0

  • Entrant
  • Posts: 1
Re: "Exploit" on the download page of the website
« Reply #2 on: October 17, 2014, 05:23:55 PM »
Try this for example, click on my link then click download. Instead of taking you to a hard defined link it takes you to whatever link is in the ref tag in the URL. This means that, using a link shortener or some other link obfuscation, I can trick a new user into believing that Chameleon/this site for Chameleon is distributing viruses.

http://chameleon.osx86.hu/static/some-words-about-donation?ref=/bit.ly/1bfrsf7

Interestingly, the line at the bottom "alternatively you can download..." with the bad link actually disappears without the tag, so maybe it's a good idea to just remove that line entirely.
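
One way a download page could treat the `ref` parameter discussed in this thread, as an added example (not the site's code and not posted by any participant): the value is used only as a key into a fixed list of site-local files, and no link is rendered when it does not match. The file names, paths and the `resolve_download` helper are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: keys are the only accepted `ref` values, values are
// site-local paths. Both are placeholders, not the real site's files.
const DOWNLOADS = [
    'release-a.pkg' => '/files/release-a.pkg',
    'release-b.zip' => '/files/release-b.zip',
];

// Map an untrusted `ref` value to a site-local path, or null if it is unknown.
// The raw value is never parsed as a URL and never echoed into the page.
function resolve_download(?string $ref): ?string
{
    if ($ref === null) {
        return null;
    }
    // Tolerate the leading slash seen in the thread's URLs, then require an
    // exact match on a known file name.
    $key = ltrim($ref, '/');
    return array_key_exists($key, DOWNLOADS) ? DOWNLOADS[$key] : null;
}

// In a request handler the value would come from the query string, e.g.:
//   $ref = is_string($_GET['ref'] ?? null) ? $_GET['ref'] : null;
// (the is_string check rejects ?ref[]=... array input).

// Constructed inputs: one valid key, the two values quoted in the thread,
// and a request with no `ref` at all.
$samples = ['release-a.pkg', '/www.google.com', '/bit.ly/1bfrsf7', null];

foreach ($samples as $ref) {
    $target = resolve_download($ref);
    if ($target === null) {
        // Unknown or missing ref: render the page without the
        // "alternatively you can download..." line.
        printf("%-18s => no download link rendered\n", var_export($ref, true));
    } else {
        // Known ref: link to the fixed local path, HTML-escaped on output.
        printf("%-18s => <a href=\"%s\">download</a>\n",
            var_export($ref, true),
            htmlspecialchars($target, ENT_QUOTES, 'UTF-8'));
    }
}
```

Because the page links only to paths taken from its own list, a modified `ref` value can at most remove the link, which matches the behaviour Gen0 observed when the tag is absent.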