
"Exploit" on the download page of the website


Kronos:
First, thank you for chameleon, it's an awesome project.

So I was downloading the latest release on the download page and I noticed that the file path is in a PHP argument. So I tried to modify it with a URL, and when clicking on the download link the page redirects the user to that URL.

This can be a problem when other forums provide the link to your download page: if modified, it can redirect the user to an infected website.

Example:
http://chameleon.osx86.hu/static/some-words-about-donation?ref=/www.google.com
(click the download link and watch the magic happen)

Gringo Vermelho:
All those downloads are obsolete anyway. And I don't know who is supposed to maintain that page.

I try to keep a recent version in my guide, see link in my signature.

Gen0:
Try this for example, click on my link then click download. Instead of taking you to a hard defined link it takes you to whatever link is in the ref tag in the URL. This means that, using a link shortener or some other link obfuscation, I can trick a new user into believing that Chameleon/this site for Chameleon is distributing viruses.

http://chameleon.osx86.hu/static/some-words-about-donation?ref=/bit.ly/1bfrsf7

Interestingly, the line at the bottom "alternatively you can download..." with the bad link actually disappears without the tag, so maybe it's a good idea to just remove that line entirely.
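What the two posts above describe is an open redirect: a query parameter is dropped into the download link unvalidated, and a value beginning with a slash ends up as a protocol-relative reference (//www.google.com) that the browser resolves to a different host. The following is an added example, not code from the site or from the Chameleon project. It assumes the page builds the link by prefixing the ref value with a slash (an assumption that would explain the behaviour reported), and it assumes an allow-list of download paths and a fallback path that the real site may not have. It is written in Python rather than the site's PHP so that it runs stand-alone.

```python
from urllib.parse import urljoin, urlsplit

# Assumed for this illustration (not taken from the site): the page URL the
# thread links to, plus an allow-list of download paths and a fallback.
SITE_ORIGIN = "http://chameleon.osx86.hu"
PAGE_URL = SITE_ORIGIN + "/static/some-words-about-donation"
ALLOWED_PREFIXES = ("/downloads/",)
FALLBACK = "/downloads/"


def vulnerable_href(ref: str) -> str:
    """Reconstruction (assumed, not the site's code) of the pattern the
    thread describes: the ref parameter is pasted into the link after a
    slash, so ref=/www.google.com yields //www.google.com, a
    protocol-relative URL that the browser resolves to another host."""
    return "/" + ref


def browser_target(href: str) -> str:
    """Where a browser navigates for an href on the donation page: relative
    and protocol-relative forms are resolved against the page URL."""
    return urljoin(PAGE_URL, href)


def safe_href(ref: str) -> str:
    """Hardened form: emit a site-relative path only if it stays on this
    site and inside the download allow-list; otherwise use the fallback."""
    if not ref or "\\" in ref:
        # Browsers treat a backslash like a slash; urljoin does not, so
        # reject it outright rather than reason about the difference.
        return FALLBACK
    # Collapsing leading slashes means the value can never become a
    # protocol-relative (//host) or scheme-bearing (http:) reference.
    candidate = "/" + ref.lstrip("/")
    # urljoin resolves the candidate against the page and removes dot
    # segments, so "downloads/../../x" is seen as "/x" before the check.
    parts = urlsplit(urljoin(PAGE_URL, candidate))
    site = urlsplit(SITE_ORIGIN)
    if parts.scheme != site.scheme or parts.netloc != site.netloc:
        return FALLBACK  # defence in depth; unreachable after the collapse above
    if not parts.path.startswith(ALLOWED_PREFIXES):
        return FALLBACK
    return parts.path  # never echo the raw input back into the page


if __name__ == "__main__":
    # Constructed inputs: the two values from the thread plus a benign one.
    for ref in ("/www.google.com", "/bit.ly/1bfrsf7", "downloads/example.zip"):
        print(f"ref={ref!r}: vulnerable -> {browser_target(vulnerable_href(ref))}, "
              f"hardened -> {safe_href(ref)}")
```

The host check alone is not enough on its own in the vulnerable pattern, because the leading slash turns the value into a different host before any check that looks at the raw string would notice; normalising the value to a single-slash site-relative path first, then checking it against an allow-list of paths, is what closes the hole. As Gen0 notes, removing the parameter-driven link altogether is simpler still.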
