Voodooprojects

Chameleon => General Discussion => Topic started by: Kronos on March 05, 2014, 07:08:33 PM

Title: "Exploit" on the download page of the website
Post by: Kronos on March 05, 2014, 07:08:33 PM
First, thank you for chameleon, it's an awesome project.

So I was downloading the latest release on the download page and I noticed that the file path is in a PHP arg. So I tried to modify it with a URL, and when clicking on the download link the page redirects the user to that URL.

This can be a problem when other forums provide the link to your download page; if modified, it can redirect the user to an infected website.

Example:
http://chameleon.osx86.hu/static/some-words-about-donation?ref=/www.google.com
(click the download link and watch the magic happen)
Title: Re: "Exploit" on the download page of the website
Post by: Gringo Vermelho on April 07, 2014, 03:53:09 AM
All those downloads are obsolete anyway. And I don't know who is supposed to maintain that page.

I try to keep a recent version in my guide, see link in my signature.
Title: Re: "Exploit" on the download page of the website
Post by: Gen0 on October 17, 2014, 05:23:55 PM
Try this for example, click on my link then click download. Instead of taking you to a hard defined link it takes you to whatever link is in the ref tag in the URL. This means that, using a link shortener or some other link obfuscation, I can trick a new user into believing that Chameleon/this site for Chameleon is distributing viruses.

http://chameleon.osx86.hu/static/some-words-about-donation?ref=/bit.ly/1bfrsf7

Interestingly, the line at the bottom "alternatively you can download..." with the bad link actually disappears without the tag, so maybe it's a good idea to just remove that line entirely.
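
The behaviour reported in this thread is an unvalidated redirect: the download link is built from the `ref` query parameter. The following is an added example, not part of the original posts and not the site's own code, showing one way to resolve `ref` against a fixed allowlist and to omit the "alternatively you can download" line when it does not match. The directory, file names and function names are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Constructed placeholders: the real site's directory and file names are not known.
const DOWNLOAD_DIR  = '/downloads/';
const ALLOWED_FILES = ['example-release-1.pkg', 'example-release-1.zip'];

/** Map the untrusted `ref` value to a known local file, or null if it matches none. */
function resolve_download_ref(?string $ref): ?string
{
    if ($ref === null || $ref === '' || strlen($ref) > 255) {
        return null;
    }
    // Use only the last path component; any scheme, host or directory is discarded.
    $name = basename($ref);
    // Strict allowlist match; the link is rebuilt from constants, never from the input.
    return in_array($name, ALLOWED_FILES, true) ? DOWNLOAD_DIR . $name : null;
}

/** Render the alternative-download line only when `ref` resolved to a known file. */
function render_alt_download(?string $ref): string
{
    $target = resolve_download_ref($ref);
    if ($target === null) {
        return ''; // omit the line rather than link to a caller-chosen URL
    }
    $href = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
    return '<p>Alternatively you can download <a href="' . $href . '">this file</a>.</p>';
}

// Constructed inputs, including the two `ref` shapes posted in the thread.
$samples = [
    '/www.google.com',
    '/bit.ly/1bfrsf7',
    '//example.invalid/x',
    'http://example.invalid/example-release-1.zip',
    'example-release-1.pkg',
    null,
];
foreach ($samples as $ref) {
    printf("%-48s => %s\n", var_export($ref, true),
           var_export(resolve_download_ref($ref), true));
}
```

Only the last two non-null samples resolve, and both resolve to a path under the local download directory; every other value yields no link at all.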